Re: JRun 3.0 SP2 Vulnerability??

[niceshorts () yahoo com]

Kerry Steele hat geschrieben:

> Scenario:
>
> Windows 2000 Advanced Server SP2 running IIS.
> Fully patched server, including Q301625 - the cumulative IIS patch.
> Locked down using the Microsoft IIS Lockdown Tool.
> Locked down using the HISECWEB security template.
> Locked down using the Securing IIS 5.0 Checklist.
>
> Should not be vulnerable to Code Red or Nimda, etc. - one would think.
>
> Now load Allaire JRun 3.0 Professional Edition with SP2.
>
> Is it possible that this machine was infected with the Nimda virus, as the 
> JRun ISAPI extension interprets all requests sent to the server?  An attempt 
> was left in the event log where the Windows Protection Service prevented 
> overwriting the cmd.exe file (least it's good for something) - therefore I 
> have to assume that it's been compromised.
>
> Are there any Directory Traversal, Unicode, etc. vulnerabilities for JRun 
> 3.0 SP2 that I am missing?  If not, is JRun vulnerable to the Nimda worm?  
> Does not make sense, this server was FULLY patched.
>
> Example of a vulnerability where IIS was patched, but JRun was still 
> vulnerable:
>
> http://www.allaire.com/handlers/index.cfm?ID=21759&Method=Full
>
> ~~~~~~~~~~~~
> Kerry Steele

    I just d/ld and tested using eEye's Nimda scanner. Same server
    configuration as yours, less the cumulative patch.

    Not Vulnerable.

    So it is either something else, or some thing that broke
    with the cumulative security patch. (Probably something
    else.)

    -anthony kim

-- 
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/