Vulnerability Name:

CVE-2002-0801 (CCN-9194)

Assigned:2002-05-29
Published:2002-05-29
Updated:2008-09-05
Summary:Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed May 29 2002 - 11:37:28 CDT
Addendum to advisory #NISR29052002 (JRun buffer overflow)

Source: VULNWATCH
Type: UNKNOWN
20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)

Source: MITRE
Type: CNA
CVE-2002-0801

Source: BUGTRAQ
Type: UNKNOWN
20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)

Source: BUGTRAQ
Type: UNKNOWN
20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)

Source: CCN
Type: CERT Advisory CA-2002-14
Buffer overflow in Macromedia JRun

Source: CERT
Type: US Government Resource
CA-2002-14

Source: XF
Type: Patch, Vendor Advisory
jrun-isapi-host-bo(9194)

Source: CCN
Type: US-CERT VU#703835
Macromedia JRun ISAPI DLL filter vulnerable to buffer overflow via request for long Host header field

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#703835

Source: CCN
Type: Macromedia Web site
Macromedia - JRun 4

Source: CCN
Type: Macromedia Product Security Bulletin MPSB02-02
Patch Available for ISAPI buffer overflow in JRun 3.0/3.1

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR29052002
Macromedia JRUN Buffer overflow vulnerability

Source: OSVDB
Type: UNKNOWN
5082

Source: CCN
Type: OSVDB ID: 5082
Macromedia JRun ISAPI Filter Host Header Overflow

Source: BID
Type: Patch, Vendor Advisory
4873

Source: CCN
Type: BID-4873
Macromedia JRun Host Header Field Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
jrun-isapi-host-bo(9194)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia jrun 3.0
    macromedia jrun 3.1
    macromedia jrun 3.0
    macromedia jrun 3.1