8 lines
No EOL
474 B
Text
8 lines
No EOL
474 B
Text
source: http://www.securityfocus.com/bid/5118/info
|
|
|
|
Macromedia JRun is prone to an issue which may allow remote attackers to bypass the authentication page for the admin server. This may be exploited by adding an extraneous '/' to a request for the administrative authentication page.
|
|
|
|
http://JRun-Server:8000//welcome.jsp?&action=stop&server=default
|
|
|
|
will shutdown the 'default' JRun server instance on port 8100. Other
|
|
administrative functions can also be accessed. |