Home page logo
/

bugtraq logo Bugtraq mailing list archives

wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
From: Matt Moore <matt () westpoint ltd uk>
Date: Fri, 28 Jun 2002 16:37:04 +0100

Westpoint Security Advisory

Title:         Macromedia JRun Admin Server Authentication Bypass
Risk Rating:    Medium
Software:     Macromedia JRun
Platforms:    WinNT, Win2k, *nix
Vendor URL:     www.macromedia.com
Author:        Matt Moore <matt () westpoint ltd uk>
Date:        28th June 2002
Advisory ID#:    wp-02-0009.txt

Overview:
=========
JRun is Macromedia's servlet / jsp engine. It installs an web based administration console on TCP port 8000. Before using the console users are required to login via an HTML form. This form can be bypassed, and administrative functions accessed
without authentication.

Details:
========
The login form is the default page served up by the server on port 8000.
By inserting an extra '/' in the URL we bypass the login form and gain
access to the web based admin console, e.g.

http://JRun-Server//

We do not have unrestricted access to the admin console - clicking on further links returns you to the login page. However, by requesting the desired admin function
in the initial URL we bypass this restriction also, e.g:

JRun-Server:8000//welcome.jsp?&action=stop&server=default

will shutdown the 'default' JRun server instance on port 8100. Other administrative
functions can also be accessed.

Patch Information:
==================

Macromedia have produced a cumulative patch for JRun 3.0/3.1/4.0,
availability of which is described in the bulletin at:

http://www.macromedia.com/v1/handlers/index.cfm?ID=23164

This advisory is available online at:

http://www.westpoint.ltd.uk/advisories/wp-02-0009.txt




  By Date           By Thread  

Current thread:
  • wp-02-0009: Macromedia JRun Admin Server Authentication Bypass Matt Moore (Jun 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]