Unrated severityNVD Advisory· Published Dec 23, 2004· Updated Jun 16, 2026
CVE-2004-0646
CVE-2004-0646
Description
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
- (no CPE)range: 3.0 - 4.0
Patches
Vulnerability mechanics
References
7- www.macromedia.com/devnet/security/security_zone/mpsb04-08.htmlnvdPatch
- www.securityfocus.com/bid/11245nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/990200nvdUS Government Resource
- secunia.com/advisories/12647/nvd
- www.macromedia.com/devnet/security/security_zone/mpsb04-09.htmlnvd
- www.securityfocus.com/archive/1/377194nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17485nvd
News mentions
0No linked articles in our index yet.