Adobe JRun cross-site scripting vulnerability


Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.
CVSS Severity

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Adobe Systems, Inc.
  • Adobe ColdFusion MX 6.1 Enterprise (with J2EE installed and JRun 4.0 deployed)
  • Adobe ColdFusion MX 7.0 Enterprise (with the Multi-Server option installed)
  • Adobe JRun 4.0


An arbitrary script may be executed in the browser of an administrator logged in to Adobe JRun. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking.

Vendor Information

Adobe Systems, Inc.
  • Adobe Security bulletins and advisories : APSB07-05
CWE

  1. Cross-site Scripting (CWE-79) [NVD Evaluation]
CVE

  1. CVE-2006-5860

  1. JVN : JVN#14243645
  2. National Vulnerability Database (NVD) : CVE-2006-5860
  3. Secunia Advisory : SA24093
  4. SecurityFocus : 22547
  5. ISS X-Force Database : 32475
  6. SecurityTracker : 1017646
  7. FrSIRT Advisories : FrSIRT/ADV-2007-0594
Revision History

  • [2008/05/21]
      Web page published