| VID | 22086 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Allaire JRun Web server is vulnerable to a directory traversal attack. Allaire JRun is a program development suite used to develop Web applications with Java Server Pages (JSP) and Java Servlets. Some versions of the Allaire JRun Web server make it possible for a remote attacker to traverse directories on the Web server and view files outside of the Web root directory by sending a specially crafted URL request containing "dot dot" sequences (../). This vulnerability could be exploited to gather intelligence on a vulnerable host, and could potentially lead to a remote user gaining such information as usernames, system configuration information, or user-owned files that do not have restrictive permissions set. Affected Platform: Allaire JRun 2.3.3, Allaire JRun 3.0, Allaire JRun 3.1 |
| Recommendation | Upgrade to the latest JRun at https://www.adobe.com/products/jrun/download/ |
| Related URL | CVE-2001-1544 (CVE) |
| Related URL | 3666 (SecurityFocus) |
| Related URL | 7678 (ISS) |