Intrusion Prevention

Multiple.Vendor.SOAP.DoS

Description

This indicates a vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0 when they handle requests with SOAP arrays in the parameters. It allows remote attackers to crash the server by sending a special soap http request.

Affected Products

ColdFusion MX 6.0 and 6.1, and JRun 4.0

Impact

Denial of service.

Recommended Actions

Macromedia products - please follow the instructions of MPSB04-04,
in the following URL:
http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html
Sun Microsystems products - please follow the instructions of Sun
Alert #57517 in the following URL:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57517

CVE References

CVE-2004-1815