Adobe JRun Unspecified Denial Of Service Vulnerability

Bugtraq ID:	22958
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1278
Remote:	Yes
Local:	No
Published:	Mar 13 2007 12:00AM
Updated:	Mar 14 2007 08:04PM
Credit:	Shoji Kamiichi of NEC is credited with the discovery of this vulnerability.
Vulnerable:	Adobe JRun 4.0 Updater 6 Adobe ColdFusion MX Enterprise 7.0 Adobe ColdFusion MX Enterprise 6.1
Not Vulnerable:

Adobe JRun Unspecified Denial Of Service Vulnerability

Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

Adobe JRun Unspecified Denial Of Service Vulnerability

Attackers can use a browser to exploit this issue.

Adobe JRun Unspecified Denial Of Service Vulnerability

Solution:
Adobe released an advisory and updates to address this issue. Please see the references for more information.


Adobe JRun 4.0 Updater 6

• Adobe jrun-hotfix-iis6-65502.zip
  http://download.macromedia.com/pub/security/bulletins/apsb07-07/jrun-h otfix-iis6-65502.zip

Adobe ColdFusion MX Enterprise 6.1

• Adobe jrun-hotfix-iis6-65502.zip
  http://download.macromedia.com/pub/security/bulletins/apsb07-07/jrun-h otfix-iis6-65502.zip

Adobe ColdFusion MX Enterprise 7.0

• Adobe jrun-hotfix-iis6-65502.zip
  http://download.macromedia.com/pub/security/bulletins/apsb07-07/jrun-h otfix-iis6-65502.zip

Adobe JRun Unspecified Denial Of Service Vulnerability

References:

• Adobe Homepage (Adobe)
  
• Adobe Security Advisory APSB07-07: Patch available for potential JRun 4 Updater (Adobe)