VYPR
Unrated severityNVD Advisory· Published Dec 23, 2004· Updated Jun 16, 2026

CVE-2004-0646

CVE-2004-0646

Description

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • Macromedia/Jrun4 versions
    cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
    • (no CPE)range: 3.0 - 4.0

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.