Vulnerabilities > CVE-2000-0539 - Unspecified vulnerability in Macromedia Jrun 2.3

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
macromedia
nessus

Summary

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.

Vulnerable Configurations

Part Description Count
Application
Macromedia
1

Nessus

NASL familyCGI abuses
NASL idDDI_JRUN_SAMPLE_FILES.NASL
descriptionThis host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information as well as all the session IDs that are currently in use by the server. Sample files should never be left on production servers.
last seen2020-06-01
modified2020-06-02
plugin id10996
published2002-06-05
reporterThis script is Copyright (C) 2002-2018 Digital Defense Inc.
sourcehttps://www.tenable.com/plugins/nessus/10996
titleJRun Multiple Sample Files Remote Information Disclosure
code
#
# This script was written by H D Moore
# 
# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]> (nb: domain no longer exists)
#      Added BugtraqID and CVE
#
# Changes by Tenable:
# - Updated title (12/8/2008)
# - Changed family (12/8/2008)
# -  updated title (1/22/2009)
# - Lowered Severity (10/4/2009)


include("compat.inc");

if(description)
{
    script_id(10996);
    script_version ("1.29");

    script_cve_id("CVE-2000-0539", "CVE-2000-0540");
    script_bugtraq_id(1386);

    script_name(english:"JRun Multiple Sample Files Remote Information Disclosure");
    script_summary(english:"Checks for the presence of JRun sample files");

     script_set_attribute(attribute:"synopsis", value:
"The remote web server suffers from information disclosure flaws." );
     script_set_attribute(attribute:"description", value:
"This host is running the Allaire JRun web server and has sample files
installed.  Several of the sample files that come with JRun contain
serious security flaws.  An attacker can use these scripts to relay
web requests from this machine to another one or view sensitive
configuration information as well as all the session IDs that are
currently in use by the server. 

Sample files should never be left on production servers." );
  # http://web.archive.org/web/20070224093952/http://www.adobe.com/devnet/security/security_zone/asb00-15.html
     script_set_attribute(attribute:"see_also", value:
"http://www.nessus.org/u?d12a4000" );
     script_set_attribute(attribute:"solution", value:
"Remove the sample files and any other files that are not required.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
    script_set_attribute(attribute:"plugin_publication_date", value:
"2002/06/05");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/06/22");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);

    script_copyright(english:"This script is Copyright (C) 2002-2020 Digital Defense Inc.");

    script_family(english:"CGI abuses");
    script_dependencie("http_version.nasl");
    script_require_ports("Services/www", 80);
    script_exclude_keys("Settings/disable_cgi_scanning");
    exit(0);
}

include("http_func.inc");
include("global_settings.inc");
include("http_keepalive.inc");

#
# The script code starts here
#


file[0] = "/cfanywhere/index.html";     res[0] = "CFML Sample";
file[1] = "/docs/servlets/index.html";  res[1] = "JRun Servlet Engine";
file[2] = "/jsp/index.html";            res[2] = "JRun Scripting Examples";
file[3] = "/webl/index.html";           res[3] = "What is WebL";

port = get_http_port(default:80, embedded:TRUE);

function check_page(req, pat)
{
    local_var	str, r;
    str = http_get(item:req, port:port);
    r = http_keepalive_send_recv(data:str, port:port);
    if( isnull(r) ) exit(0);
    if(pat >< r)
            {
                security_warning(port:port);
                exit(0);
            }
    return(0);
}

for(i=0;file[i];i=i+1)
{
    req = file[i];
    pat = res[i];
    check_page(req:req, pat:pat);
}