[VIM] macromedia annoying wording/reference

security curmudgeon jericho at attrition.org
Mon Dec 26 13:17:16 UTC 2005


http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html

JWS Denial of Service Vulnerability
The JRun Web Server improperly handles long URLs and headers allowing a 
remote attacker to cause a denial of service. Macromedia does not 
recommend the JWS be used as a production web server.

[..]

Acknowledgements

Adobe would like to thank the following individuals and companies for 
working with to help protect our customers' security.

iDefense  JWS Denial of Service Vulnerability


--

iDefense links to http://www.idefense.com/, not a specific advisory. 
iDefense released a new JRun 4 Web Server (JWS?) buffer overflow advisory 
days after the Macromedia advisory, which they had been sitting on since 
2004-08-25 waiting for a vendor fix. It is highly likely that is the 
advisory they reference, but it is annoying that they don't call it by the 
same title or link to it, and that they imply it is DoS and not code 
execution, which the advisory states: "Successful exploitation may allow 
remote attackers to execute arbitrary code with Local System privileges."

