Vulnerabilities > CVE-2001-1510 - Unspecified vulnerability in Macromedia Jrun 2.3.3/3.0/3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | CGI abuses |
NASL id | JRUN_GETDIR.NASL |
description | The version of Allaire JRun running on the remote host is affected by an information disclosure vulnerability due to an issue in handling malformed URLs. An unauthenticated, remote attacker can exploit this, via a crafted request, to display a listing of files in arbitrary directories, which may contain sensitive files. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10814 |
published | 2016-02-16 |
reporter | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10814 |
title | Allaire JRun Encoded JSP Request Directory Listing |
code |
|
References
- http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2
- http://online.securityfocus.com/archive/1/243203
- http://www.iss.net/security_center/static/7623.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full
- http://www.securityfocus.com/archive/1/243636
- http://www.securityfocus.com/bid/3592