Vulnerabilities > CVE-2001-0926 - Unspecified vulnerability in Macromedia Jrun 2.3.3/3.0/3.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

macromedia

NVD

Published: 2001-11-28

Updated: 2017-12-19

Summary

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Jrun 2.3.3 Macromedia Jrun 3.0 Macromedia Jrun 3.1	3

References

http://marc.info/?l=bugtraq&m=100697797325013&w=2
http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
http://www.securityfocus.com/bid/3589
https://exchange.xforce.ibmcloud.com/vulnerabilities/7622