ID

VAR-200703-0122


CVE

CVE-2007-1278


TITLE

Denial-of-service (DoS) vulnerability in the IIS connector of Adobe JRun and ColdFusion MX

Trust: 0.8

sources: JVNDB: JVNDB-2007-001655

DESCRIPTION

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

The IIS connector in Adobe JRun and ColdFusion MX contains a denial-of-service (DoS) vulnerability. A third party may be able to cause a denial-of-service (DoS) condition.

Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

TITLE: Adobe JRun IIS 6 Connector Denial of Service

SECUNIA ADVISORY ID: SA24488

VERIFY ADVISORY: http://secunia.com/advisories/24488/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

SOFTWARE:
Adobe ColdFusion MX 7.x http://secunia.com/product/4984/
Macromedia ColdFusion MX 6.x http://secunia.com/product/864/
Macromedia Jrun 4.x http://secunia.com/product/863/

DESCRIPTION: A vulnerability has been reported in Adobe JRun, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within JRun's IIS connector when handling certain requests for resources. This can be exploited via e.g. requesting a file within the web root and then performing certain actions.

The vulnerability is reported in the following products with IIS 6:
* JRun 4 Updater 6
* Adobe ColdFusion MX 7.0 Enterprise Edition, if installed as the "Multi-Server" option
* Adobe ColdFusion MX 6.1 Enterprise, if installed with the "J2EE" option and deployed on JRun 4.0 Updater 6

Adobe ColdFusion MX 6.1 and 7.0 Standard editions are not affected by this issue.

SOLUTION: Apply hotfix (see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: The vendor credits Shoji Kamiichi, NEC.

ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb07-07.html

Trust: 1.98

sources: NVD: CVE-2007-1278 // JVNDB: JVNDB-2007-001655 // BID: 22958 // PACKETSTORM: 55081

AFFECTED PRODUCTS

vendor: adobe, model: coldfusion, scope: eq, version: 6.1

Trust: 1.0

vendor: adobe, model: jrun, scope: eq, version: 4.0

Trust: 1.0

vendor: adobe, model: coldfusion, scope: eq, version: 7.0

Trust: 1.0

vendor: adobe, model: coldfusion, scope: eq, version: mx mx 6.1 and 7.0 enterprise

Trust: 0.8

vendor: adobe, model: jrun, scope: eq, version: 4.0 updater 6

Trust: 0.8

vendor: microsoft, model: iis, scope: eq, version: 6

Trust: 0.8

vendor: microsoft, model: iis, scope: eq, version: 6.0

Trust: 0.6

vendor: adobe, model: jrun updater, scope: eq, version: 4.06

Trust: 0.3

vendor: adobe, model: coldfusion mx enterprise, scope: eq, version: 7.0

Trust: 0.3

vendor: adobe, model: coldfusion mx enterprise, scope: eq, version: 6.1

Trust: 0.3

sources: BID: 22958 // JVNDB: JVNDB-2007-001655 // CNNVD: CNNVD-200703-412 // NVD: CVE-2007-1278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1278
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1278
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200703-412
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-1278
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-001655 // CNNVD: CNNVD-200703-412 // NVD: CVE-2007-1278

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2007-001655 // NVD: CVE-2007-1278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-412

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200703-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001655

PATCH

title: APSB07-07, url: http://www.adobe.com/support/security/bulletins/apsb07-07.html

Trust: 0.8

title: Microsoft IIS, url: http://www.iis.net/

Trust: 0.8

title: Adobe ColdFusion and Adobe JRun IIS connector Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94516

Trust: 0.6

sources: JVNDB: JVNDB-2007-001655 // CNNVD: CNNVD-200703-412

EXTERNAL IDS

db: NVD, id: CVE-2007-1278

Trust: 2.7

db: BID, id: 22958

Trust: 1.9

db: SECUNIA, id: 24488

Trust: 1.7

db: VUPEN, id: ADV-2007-0932

Trust: 1.6

db: SECTRACK, id: 1017752

Trust: 1.6

db: OSVDB, id: 34039

Trust: 1.6

db: JVNDB, id: JVNDB-2007-001655

Trust: 0.8

db: CNNVD, id: CNNVD-200703-412

Trust: 0.6

db: PACKETSTORM, id: 55081

Trust: 0.1

sources: BID: 22958 // JVNDB: JVNDB-2007-001655 // PACKETSTORM: 55081 // CNNVD: CNNVD-200703-412 // NVD: CVE-2007-1278

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb07-07.html

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32994

Trust: 1.6

url:http://secunia.com/advisories/24488

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/0932

Trust: 1.6

url:http://osvdb.org/34039

Trust: 1.6

url:http://www.securitytracker.com/id?1017752

Trust: 1.6

url:http://www.securityfocus.com/bid/22958

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1278

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1278

Trust: 0.8

url:http://www.adobe.com

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/864/

Trust: 0.1

url:http://secunia.com/advisories/24488/

Trust: 0.1

url:http://secunia.com/disassembling_og_reversing/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/product/4984/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/863/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 22958 // JVNDB: JVNDB-2007-001655 // PACKETSTORM: 55081 // CNNVD: CNNVD-200703-412 // NVD: CVE-2007-1278

CREDITS

Shoji Kamiichi

Trust: 0.6

sources: CNNVD: CNNVD-200703-412

SOURCES

db: BID, id: 22958
db: JVNDB, id: JVNDB-2007-001655
db: PACKETSTORM, id: 55081
db: CNNVD, id: CNNVD-200703-412
db: NVD, id: CVE-2007-1278

LAST UPDATE DATE

2024-11-23T23:13:20.402000+00:00


SOURCES UPDATE DATE

db: BID, id: 22958, date: 2007-03-14T20:04:00
db: JVNDB, id: JVNDB-2007-001655, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200703-412, date: 2019-07-09T00:00:00
db: NVD, id: CVE-2007-1278, date: 2024-11-21T00:27:56.350

SOURCES RELEASE DATE

db: BID, id: 22958, date: 2007-03-13T00:00:00
db: JVNDB, id: JVNDB-2007-001655, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 55081, date: 2007-03-17T02:22:27
db: CNNVD, id: CNNVD-200703-412, date: 2007-03-16T00:00:00
db: NVD, id: CVE-2007-1278, date: 2007-03-16T20:19:00