| VID |
22176 |
| Severity |
30 |
| Port |
8000 |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
The Macromedia JRun has a source revealing vulnerability via a request appended with '::$DATA'.
Macromedia JRun is a web application development suite with JSP and Java Servlets. Macromedia JRun versions 3.0 and 3.1 contain a vulnerability that allows a remote attacker to obtain the source code of known JSP files on the Web server. A remote attacker could send a URL request appended with '::$DATA' for a known JSP file to cause the source code of the file to be returned.
* Platforms Affected:
JRun 3.0 (all editions)
JRun 3.1 (all editions)
* References:
http://online.securityfocus.com/bid/3664
http://www.iss.net/security_center/static/7681.php
http://www.securityfocus.com/advisories/3718 |
| Recommendation |
Update to the latest version of the JRun from:
https://www.adobe.com/products/jrun/lownload/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
