The host is running Adobe JRun and is prone to multiple vulnerabilities.
Successful exploitation could allow remote attackers to cause XSS attacks or Directory Traversal attack using the affected application. Impact Level: System/Application
Apply the security updates. http://download.macromedia.com/pub/coldfusion/updates/jmc-app.ear ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****
- Multiple XSS vulnerabilities exists due to error in the Management Console which can be exploited to inject arbitrary web script or HTML via unspecified vectors. - A Directory traversal attack is possible due to error in logging/logviewer.jsp in the Management Console which can be exploited by authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
Adobe JRun version 4.0 on Windows
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability