VID 22174
Severity 30
Port 8000
Protocol TCP
Class Servlet
Detailed Description Macromedia JRun has a source-disclosure vulnerability triggered by a request for a non-existent .shtml file.
Macromedia JRun is a web application development suite with JSP and Java Servlets. JRun supports Server Side Includes (SSI), which allow a webmaster to include various files in an otherwise static HTML file. Variables that might be included are, for example, the current time on a website or the last modified date and time. By default, the file extension associated with the SSI handler is .shtml.

JRun versions 2.3.3, 3.0, and 3.1 contain a vulnerability that allows a remote attacker to obtain the source code of protected files within the Web root directory. Submitting a specially crafted request for a non-existent .shtml file along with a known file will reveal the contents of the known file residing on the host. The issue results from a flaw in the server-side component that handles requests for SSI pages. Files that are normally interpreted as executable content (JSP scripts) will have their source code, which may be sensitive, returned when requested this way.
It is also possible for attackers to execute arbitrary Java servlets, regardless of whether the mapping has been disabled.

* References:
http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
http://www.netcraft.com/security/public-advisories/2001-11.1.html
http://online.securityfocus.com/bid/3589
http://www.iss.net/security_center/static/7622.php

* Platforms Affected:
JRun 3.1 (all editions)
JRun 3.0 (all editions)
JRun 2.3.3 (all editions)
Recommendation Update to the latest version of JRun from:
https://www.adobe.com/products/jrun/lownload/
Related URL CVE-2001-0926 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)