ID |
CVE-2001-1510
|
Summary |
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*
-
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 05-09-2008 - 20:26) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
refmap
via4
|
allaire | MPSB01-13 | bid | 3592 | bugtraq | - 20011128 def-2001-32
- 20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability
- 20011203 Allaire JRun ACL bypassing/soure disclosure vulnerability
| xf | allaire-jrun-view-directory(7623) |
|
Last major update |
05-09-2008 - 20:26 |
Published |
31-12-2001 - 05:00 |
Last modified |
05-09-2008 - 20:26 |