eEye Digital Security Detects Major Vulnerability in Macromedia ColdFusion/JRun

(ALISO VIEJO, CA) November 12, 2002 — Microsoft IIS web servers running vulnerable versions of Macromedia ColdFusion/JRun are susceptible to attack.

For further information and a technical description of the advisory please visit:
http://www.eeye.com/html/Research/Advisories/AD20021112.html

eEye Digital Security recently discovered a buffer overflow in Macromedia JRun and ColdFusion. Microsoft IIS ISAPI handlers contain various heap overflows when handling URI filenames. Supplying a filename over 4096 bytes in size overwrites heap memory. Various structures can be overwritten in the process heap to gain control of the remote IIS process with SYSTEM-level access. This makes it rather simple for attackers to remotely compromise Microsoft IIS web servers running vulnerable versions of Macromedia ColdFusion or JRun.
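A defender-side check for the condition described above, as an added example that is not part of the original release or eEye's own code: it scans W3C extended-format web server logs for requests whose URI filename exceeds 4096 bytes. The log lines are constructed, the function names are hypothetical, and measuring the percent-decoded length of the last path segment is an assumption about what the handler receives.

```python
from urllib.parse import unquote_to_bytes

MAX_FILENAME_BYTES = 4096  # size threshold stated in the release

# Constructed sample log in W3C extended format (not real traffic).
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2002-11-12 10:00:01 192.0.2.10 GET /index.cfm 200",
    "2002-11-12 10:00:05 192.0.2.77 GET /app/" + "A" * 5000 + ".jsp 500",
    "#Fields: date time cs-method cs-uri-stem c-ip sc-status",
    "2002-11-12 10:01:09 GET /" + "%41" * 4097 + " 192.0.2.77 500",
    "2002-11-12 10:01:30 GET /" + "%41" * 1400 + ".cfm 192.0.2.10 404",
])

def filename_bytes(uri_stem):
    """Percent-decoded byte length of the last path segment (assumption)."""
    last_segment = uri_stem.split("?", 1)[0].rsplit("/", 1)[-1]
    return len(unquote_to_bytes(last_segment))

def find_oversized_filenames(log_text, limit=MAX_FILENAME_BYTES):
    """Return (line_no, client_ip, size) for requests whose filename exceeds limit."""
    fields, hits = [], []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip other directives and rows with no known layout
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem")
        if stem is None:
            continue
        size = filename_bytes(stem)
        if size > limit:
            hits.append((line_no, row.get("c-ip", "-"), size))
    return hits

if __name__ == "__main__":
    for line_no, ip, size in find_oversized_filenames(SAMPLE_LOG):
        print(f"line {line_no}: {ip} requested a {size}-byte filename")
```
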

eEye Digital Security customers using SecureIIS are protected from the exploitation of this vulnerability.
http://www.eeye.com/SecureIIS

To detect if your network may be affected by this vulnerability, eEye Digital Security also recommends using Retina® Network Security Scanner. A free trial of Retina is available at the eEye website http://www.eeye.com/html/Products/Retina/index.html

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products: integrated threat management. This next generation of security detects vulnerabilities and threats, prevents intrusions, and protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility. eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com.

Primary Agency Contact

Victor Cruz
MediaPR
(508) 655-4397 eEye@mediapr.net

EMEA Agency Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de

Corporate Contact

Stacy Newman
eEye Digital Security
(949) 900-4131 press@eEye.com