Macromedia JRun 3/4 - Administrative Authentication Bypass
| EKU-ID: 27087 | CVE: CVE-2002-0665;OSVDB-5151 | OSVDB-ID: |
| Author: Matt Moore | Published: 2002-06-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27087 | CVE: CVE-2002-0665;OSVDB-5151 | OSVDB-ID: |
| Author: Matt Moore | Published: 2002-06-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5118/info Macromedia JRun is prone to an issue which may allow remote attackers to bypass the authentication page for the admin server. This may be exploited by adding an extraneous '/' to a request for the administrative authentication page. http://JRun-Server:8000//welcome.jsp?&action=stop&server=default will shutdown the 'default' JRun server instance on port 8100. Other administrative functions can also be accessed.