| VID | 22175 |
| Severity | 30 |
| Port | 8000 |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | Macromedia JRun allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request. Macromedia JRun is a web application development suite with JSP and Java Servlets. Macromedia JRun versions 3.0, 3.1, and 4.0 contain a vulnerability that allows a remote attacker to obtain the source code of protected files within the Web directories. A remote attacker could send a specially crafted URL request for a known .jsp file appended with a character string containing Unicode-encoded NULL byte characters, causing the source code of the file to be displayed instead of processed. |
| References | http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html ; http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 ; http://online.securityfocus.com/bid/5134 ; http://www.iss.net/security_center/static/9459.php |
| Platforms Affected | JRun 3.0 (all editions); JRun 3.1 (all editions); JRun 4.0 (all editions) |
| Recommendation | Update to the latest version of JRun from: https://www.adobe.com/products/jrun/lownload/ |
| Related URL | CVE-2002-1025 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |