Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Matt Moore (mattwestpoint.ltd.uk)
Date: Fri Jun 28 2002 - 10:37:50 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Westpoint Security Advisory

    Title: Macromedia JRun Admin Server Authentication Bypass
    Risk Rating: Medium
    Software: Macromedia JRun
    Platforms: WinNT, Win2k, *nix
    Vendor URL: www.macromedia.com
    Author: Matt Moore <mattwestpoint.ltd.uk>
    Date: 28th June 2002
    Advisory ID#: wp-02-0009.txt

    JRun is Macromedia's servlet / jsp engine. It installs an web based
    console on TCP port 8000. Before using the console users are required to
    login via
    an HTML form. This form can be bypassed, and administrative functions
    without authentication.

    The login form is the default page served up by the server on port 8000.
    By inserting an extra '/' in the URL we bypass the login form and gain
    access to the web based admin console, e.g.


    We do not have unrestricted access to the admin console - clicking on
    further links
    returns you to the login page. However, by requesting the desired admin
    in the initial URL we bypass this restriction also, e.g:


    will shutdown the 'default' JRun server instance on port 8100. Other
    functions can also be accessed.

    Patch Information:

    Macromedia have produced a cumulative patch for JRun 3.0/3.1/4.0,
    availability of which is described in the bulletin at:


    This advisory is available online at: