I have noticed similar problems. Actually we have a JRUN server running, and about every 30 minutes, the jrun service actually needs to be restarted. As I speak it just crashed again. But prior to Nimba, this wasn't a problem. Jason On 27 Sep 2001 at 13:01, Kerry Steele wrote: From: "Kerry Steele" <steele_kerryat_private> To: focus-msat_private, incidentsat_private Subject: JRun 3.0 SP2 Vulnerability?? Date sent: Thu, 27 Sep 2001 13:01:04 -0500 > Scenario: > > Windows 2000 Advanced Server SP2 running IIS. > Fully patched server, including Q301625 - the cumulative IIS patch. > Locked down using the Microsoft IIS Lockdown Tool. > Locked down using the HISECWEB security template. > Locked down using the Securing IIS 5.0 Checklist. > > Should not be vulnerable to Code Red or Nimda, etc. - one would think. > > Now load Allaire JRun 3.0 Professional Edition with SP2. > > Is it possible that this machine was infected with the Nimda virus, as the JRun > ISAPI extension interprets all requests sent to the server? An attempt was left > in the event log where the Windows Protection Service prevented overwriting the > cmd.exe file (least it's good for something) - therefore I have to assume that > it's been compromised. > > Are there any Directory Traversal, Unicode, etc. vulnerabilities for JRun > 3.0 SP2 that I am missing? If not, is JRun vulnerable to the Nimda worm? Does > not make sense, this server was FULLY patched. > > Example of a vulnerability where IIS was patched, but JRun was still > vulnerable: > > http://www.allaire.com/handlers/index.cfm?ID=21759&Method=Full > > ~~~~~~~~~~~~ > Kerry Steele > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. For more > information on this free incident handling, management and tracking system > please see: http://aris.securityfocus.com > > --- Jason Robertson Network Analyst jasonat_private http://www.astroadvice.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 13:21:31 PDT