Summary
The host is running Adobe JRun and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow remote attackers to conduct XSS or directory traversal attacks against the affected application.
Impact Level: System/Application
Solution
Apply the security updates.
http://download.macromedia.com/pub/coldfusion/updates/jmc-app.ear
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
- Multiple XSS vulnerabilities exist due to an error in the Management Console, which can be exploited to inject arbitrary web script or HTML via unspecified vectors.
- A directory traversal attack is possible due to an error in logging/logviewer.jsp in the Management Console, which can be exploited by authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
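For detection, the following added example (not part of the original advisory or of any Adobe code) scans web access logs for requests to logging/logviewer.jsp whose logfile parameter contains a .. path segment, including URL-encoded forms. The common log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Page and parameter named in the advisory.
TARGET_PATH = "logging/logviewer.jsp"
PARAM = "logfile"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def has_traversal(value, max_decodes=3):
    """True if value holds a '..' path segment, also after repeated URL decoding."""
    for _ in range(max_decodes + 1):
        if ".." in re.split(r"[\\/]", value):
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return False

def suspicious_requests(log_lines):
    """Return log lines requesting logviewer.jsp with a traversing logfile value.

    Only the request line is inspected; POST bodies are not in access logs.
    """
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qs already URL-decodes each value once.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        if any(has_traversal(v) for v in values):
            hits.append(line)
    return hits

# Constructed sample lines (common log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Sep/2009:10:00:01 +0000] "GET /logging/logviewer.jsp?logfile=server.log HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Sep/2009:10:02:13 +0000] "GET /logging/logviewer.jsp?logfile=..\\..\\example.txt HTTP/1.1" 200 734',
    '192.0.2.44 - admin [01/Sep/2009:10:02:20 +0000] "GET /logging/logviewer.jsp?logfile=%2e%2e%2fexample.txt HTTP/1.1" 200 734',
    '192.0.2.44 - admin [01/Sep/2009:10:02:31 +0000] "GET /logging/logviewer.jsp?logfile=%252e%252e%255cexample.txt HTTP/1.1" 200 734',
    '192.0.2.10 - admin [01/Sep/2009:10:05:00 +0000] "GET /index.jsp?logfile=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("ALERT", hit)
```

Because the flaw is reachable by authenticated users, hits should be correlated with the logged account name as well as the source address.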
Affected
Adobe JRun version 4.0 on Windows
Severity
Classification
CVE: CVE-2009-1873, CVE-2009-1874
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N