Vulnerability Name:

CVE-2002-1310 (CCN-10568)

Assigned:2002-11-06
Published:2002-11-06
Updated:2017-07-11
Summary:Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Source: VULNWATCH
Type: UNKNOWN
20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Source: MITRE
Type: CNA
CVE-2002-1310

Source: BUGTRAQ
Type: UNKNOWN
20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Source: CCN
Type: eEye Digital Security Advisory AD20021112
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow

Source: EEYE
Type: UNKNOWN
AD20021112

Source: CCN
Type: Macromedia Product Security Bulletin MPSB02-12
Cumulative Security Patch available for JRun 3.0, 3.1 and 4.0

Source: CCN
Type: OSVDB ID: 6640
Macromedia JRun IIS ISAPI error-handling .jsp File Overflow

Source: BID
Type: UNKNOWN
6122

Source: CCN
Type: BID-6122
Macromedia JRun IIS ISAPI Filter GET Request Buffer Overrun Vulnerability

Source: XF
Type: UNKNOWN
jrun-long-url-bo(10568)

Source: XF
Type: UNKNOWN
jrun-long-url-bo(10568)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:jrun:*:*:*:*:*:*:*:* (Version <= 4.0)

    • Configuration CCN 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia jrun *
    macromedia jrun 3.0
    macromedia jrun 3.1
    macromedia jrun 4.0
    microsoft windows 2003_server