Vulnerabilities > CVE-2000-0540 - Unspecified vulnerability in Macromedia Jrun 2.3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
macromedia
nessus

Summary

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.

Vulnerable Configurations

Part Description Count
Application
Macromedia
1

Nessus

  • NASL familyCGI abuses
    NASL idJRUN.NASL
    descriptionThe version of JRun on the remote host has a directory traversal vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id10444
    published2000-06-22
    reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10444
    titleJRun viewsource.jsp Directory Traversal Arbitrary File Access
  • NASL familyCGI abuses
    NASL idDDI_JRUN_SAMPLE_FILES.NASL
    descriptionThis host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information as well as all the session IDs that are currently in use by the server. Sample files should never be left on production servers.
    last seen2020-06-01
    modified2020-06-02
    plugin id10996
    published2002-06-05
    reporterThis script is Copyright (C) 2002-2018 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10996
    titleJRun Multiple Sample Files Remote Information Disclosure