Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Macromedia Jrun 4 Cross Site Scripting vulnerabilities

Nov 26, 2003 10:08AM PST

Security-Corporation ID : SC-0787
URL : http://www.security-corporation.com/articles-20031126-001.html
Author : dr_insane
Product : Macromedia Jrun 4 (build 61650)
Source Message Contents :

Macromedia Jrun 4 (build 61650) web server remote administration CSS vulnerabilities

13/11/2003 (Revision 1)

Local: Yes
Remote: yes

Vendor Information: http://www.macromedia.com
Affected Versions/systems:
Solaris 7,8,9
Red Hat Linux 6.2, 7.x
SuSE Linux 7.3, 8.0
HP-UX 11i
IBM AIX 4.3, 5.x
Compaq Tru64 5.1 UNIX
Windows 98/ME/NT/2000/XP

Description:
I encountered some XSS security holes in Macromedia 4 (build 61650). it is possible to steal cookies using these bugs and compromise the whole system

SoLuTiOn:
Disable the remote administration service.

Discussion is locked