Security Incidents mailing list archives

Re: JRun 3.0 SP2 Vulnerability??


From: "Jason Robertson" <jason () ifuture com>
Date: Thu, 27 Sep 2001 16:14:01 -0400

I have noticed similar problems.  Actually we have a JRUN server running, and about every 30 
minutes, the jrun service actually needs to be restarted.  As I speak it just crashed again.  But 
prior to Nimda, this wasn't a problem.

Jason

On 27 Sep 2001 at 13:01, Kerry Steele wrote:

From:                   "Kerry Steele" <steele_kerry () hotmail com>
To:                     focus-ms () securityfocus com, incidents () securityfocus com
Subject:                JRun 3.0 SP2 Vulnerability??
Date sent:              Thu, 27 Sep 2001 13:01:04 -0500

Scenario:

Windows 2000 Advanced Server SP2 running IIS.
Fully patched server, including Q301625 - the cumulative IIS patch.
Locked down using the Microsoft IIS Lockdown Tool.
Locked down using the HISECWEB security template.
Locked down using the Securing IIS 5.0 Checklist.

Should not be vulnerable to Code Red or Nimda, etc. - one would think.

Now load Allaire JRun 3.0 Professional Edition with SP2.

Is it possible that this machine was infected with the Nimda virus, as the JRun
ISAPI extension interprets all requests sent to the server?  An attempt was left
in the event log where the Windows Protection Service prevented overwriting the
cmd.exe file (least it's good for something) - therefore I have to assume that
it's been compromised.

Are there any Directory Traversal, Unicode, etc. vulnerabilities for JRun 
3.0 SP2 that I am missing?  If not, is JRun vulnerable to the Nimda worm?  Does
not make sense, this server was FULLY patched.

Example of a vulnerability where IIS was patched, but JRun was still 
vulnerable:

http://www.allaire.com/handlers/index.cfm?ID=21759&Method=Full

~~~~~~~~~~~~
Kerry Steele



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more
information on this free incident handling, management and tracking system
please see: http://aris.securityfocus.com




---
Jason Robertson                
Network Analyst            
jason () ifutureinc com    
http://www.astroadvice.com      
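Kerry asks whether directory-traversal or Unicode-encoded requests reached JRun through the ISAPI extension. One way to answer that from the IIS W3C logs is to decode each request path until it is stable (so double-encoded forms are exposed), then check whether it walks above the site root or names cmd.exe. This is an added example written for this thread, not code from either poster; the log lines, IP addresses and field order are constructed.

```python
"""Flag traversal-style requests in IIS W3C extended log lines (added example, constructed data)."""
from urllib.parse import unquote

# Constructed sample log lines. Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = [
    "2001-09-27 15:58:01 10.0.0.5 GET /servlet/index.jsp - 200",
    "2001-09-27 15:58:03 10.0.0.9 GET /scripts/..%2f..%2fwinnt/system32/cmd.exe /c+dir 200",
    "2001-09-27 15:58:04 10.0.0.9 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe /c+dir 404",
    "2001-09-27 15:58:05 10.0.0.7 GET /images/logo.gif - 200",
]

def fully_decode(s, max_rounds=3):
    """URL-decode until stable so double-encoded traversal (%255c -> %5c -> backslash) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(s, errors="replace")
        if decoded == s:
            break
        s = decoded
    return s

def escapes_root(path):
    """True if '..' segments take the path above the site root at any point."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False

def is_suspicious(uri_stem):
    """Heuristic: undecodable bytes (e.g. overlong UTF-8), root escape, or a request for cmd.exe."""
    decoded = fully_decode(uri_stem).replace("\\", "/")
    if "\ufffd" in decoded:       # byte sequences that are not valid UTF-8 are not normal JSP/servlet traffic
        return True
    if escapes_root(decoded):
        return True
    return decoded.lower().endswith("/cmd.exe")

def scan_log(lines):
    """Return (client_ip, raw_uri_stem) for every request that looks like a traversal attempt."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 7 or not line[0].isdigit():   # skip #Fields/#Software header lines
            continue
        client_ip, uri_stem = parts[2], parts[4]
        if is_suspicious(uri_stem):
            hits.append((client_ip, uri_stem))
    return hits

if __name__ == "__main__":
    for ip, uri in scan_log(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {uri}")
```

Because JRun's ISAPI filter sees the request before IIS normalises it, a hit here is worth correlating with the Windows File Protection event Kerry mentions rather than being dismissed on the strength of the IIS patch level alone.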

