| VID | 22094 |
| Severity | 20 |
| Port | 8000, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | Allaire JRun reveals sensitive path information. JRun is used to develop Web applications with JSP and Java Servlets. When a user requests the URL of a nonexistent JSP file, the server presents the physical path to the Web directory as part of the error message. An attacker could use this to learn the file structure of the Web server, which would be helpful in an attack. The following request reveals the path to the Web directory: http://www.example.com:8000/anything.jsp
500 Internal Server Error
Could not find JSP/JHTML source or class files: C:\JRun\jsm-default\services\jws\htdocs\anything0.jsp
* References: http://online.securityfocus.com/bid/1531 http://www.securityfocus.com/bid/3592 |
| Recommendation | Update to the latest version of JRun from: https://www.adobe.com/products/jrun/lownload/ |
| Related URL | CVE-2001-1510 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
|
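A check for the condition described above, as an added example that is not part of the original entry or of any JRun tooling: it scans already-captured HTTP error responses for absolute filesystem paths, so it can confirm that error pages stop leaking the Web directory after the update. The function names, the Unix path roots and every sample response except the error text quoted in the entry are assumptions constructed for illustration.

```python
import re

# Windows drive-letter paths such as C:\dir\file.jsp. Components containing
# spaces are truncated at the space, which is still enough to flag the leak.
WINDOWS_PATH = re.compile(r'\b[A-Za-z]:\\(?:[^\\/:*?"<>|\s]+\\)*[^\\/:*?"<>|\s]*')
# Unix absolute paths under common install roots (assumed list). The
# lookbehind skips URL paths like http://host/var/x.
UNIX_PATH = re.compile(r'(?<![\w.:/])/(?:opt|usr|var|home|srv|etc)(?:/[\w.\-]+)+')


def disclosed_paths(body):
    """Return absolute filesystem paths found in a response body, in order."""
    hits = [(m.start(), m.group(0))
            for rx in (WINDOWS_PATH, UNIX_PATH)
            for m in rx.finditer(body)]
    return [path for _, path in sorted(hits)]


def audit(responses):
    """Flag error responses (status >= 400) whose body leaks a server path.

    responses: iterable of (url, status, body) tuples captured beforehand.
    """
    findings = []
    for url, status, body in responses:
        paths = disclosed_paths(body) if status >= 400 else []
        if paths:
            findings.append({"url": url, "status": status, "paths": paths})
    return findings


# Constructed sample input. The first body is the error text quoted in the
# entry; the remaining responses are invented for the example.
SAMPLE_RESPONSES = [
    ("http://www.example.com:8000/anything.jsp", 500,
     "500 Internal Server Error\nCould not find JSP/JHTML source or class "
     r"files: C:\JRun\jsm-default\services\jws\htdocs\anything0.jsp"),
    ("http://www.example.com:8000/missing.jsp", 404,
     "404 Not Found\nThe requested resource is not available."),
    ("http://www.example.com:8000/other.jsp", 500,
     "500 Internal Server Error\nCould not find source: /opt/app/htdocs/other.jsp"),
    ("http://www.example.com:8000/docs.html", 200,
     r"Install JRun under C:\JRun and restart the service."),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding["status"], finding["url"], finding["paths"])
```

A response that returns a generic error body, like the second sample, produces no finding; the 200 documentation page is ignored because only error responses are audited.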