[VIM] macromedia annoying wording/reference
security curmudgeon
jericho at attrition.org
Mon Dec 26 13:17:16 UTC 2005
http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html
JWS Denial of Service Vulnerability
The JRun Web Server improperly handles long URLs and headers allowing a
remote attacker to cause a denial of service. Macromedia does not
recommend the JWS be used as a production web server.
[..]
Acknowledgements
Adobe would like to thank the following individuals and companies for
working with to help protect our customers' security.
iDefense JWS Denial of Service Vulnerability
--
iDefense links to http://www.idefense.com/, not a specific advisory.
iDefense released a new JRun 4 Web Server (JWS?) buffer overflow advisory
days after the Macromedia advisory, which they had been sitting on since
2004-08-25 waiting for vendor fix. It is highly likely that is the
advisory they reference, but annoying they don't call it by the same
title, link to it, and imply it is DoS and not code execution which the
advisory states: "Successful exploitation may allow remote attackers to
execute arbitrary code with Local System privileges."
More information about the VIM
mailing list