CVE-2004-0646

3 documents, 3 sources

Severity: 10.0 CRITICAL
EPSS: 70.9% (top 1.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 23 | Latest update Apr 29

Description

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: macromedia/jrun 3.0, 3.1, 4.0 +2
NVD: macromedia/coldfusion 6.0, 6.1 +1

Patches

Vulnerability Details (2)

GHSA: GHSA-rw7h-9637-29rh: Buffer overflow in the WriteToLog function for JRun 3 (2022-04-29)
CVEList: CVE-2004-0646: Buffer overflow in the WriteToLog function for JRun 3 (2004-11-19)