PT-2004-1734 · Apache+1

Published: 2004-11-19 · Updated: 2017-07-11 · CVE-2004-0646

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

JRun versions 3.0 through 4.0

Description

The issue is related to a buffer overflow in the WriteToLog function when verbose logging is enabled. This can be exploited by remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Recommendations

For JRun versions 3.0 through 4.0, consider disabling verbose logging as a temporary workaround to minimize the risk of exploitation. Restrict access to the WriteToLog function until a patch is available. Avoid using the Content-Type field in HTTP headers with overly long values in the affected web server connectors, such as mod_jrun and mod_jrun20 for Apache, until the issue is resolved.

Fix


Related identifiers

CVE-2004-0646

Affected products

Apache
JRun