Vulnerabilities > CVE-2002-1855 - Unspecified vulnerability in Macromedia Jrun 3.0/3.1/4.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

macromedia

nessus

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Jrun 3.1 Macromedia Jrun 3.0 Macromedia Jrun 4.0	3

Nessus

NASL family	CGI abuses
NASL id	GENERIC_WEB-INF.NASL
description	By making a specially-formatted request to the remote web server, it is possible to retrieve files located under the
last seen	2020-06-01
modified	2020-06-02
plugin id	11037
published	2002-07-01
reporter	This script is Copyright (C) 2002-2018 Matt Moore
source	https://www.tenable.com/plugins/nessus/11037
title	Multiple Server Crafted Request WEB-INF Directory Information Disclosure

Summary

Vulnerable Configurations

Nessus

References