Allaire Jrun 3.0 can be viewed by a directory

xiaoxiao2021-03-06  72

Allaire Jrun 3.0 can be viewed by a directory

Published: 2000-10-25 Updated: 2000-10-25 Severity: the extent of the threat: Remote unauthorized file access error types: input validation error Use: server mode

Affected systems Allaire JRun 3.0 - Sun Solaris 7.0 - Sun Solaris 2.6 - SGI IRIX 6.5 - RedHat Linux 6.1 sparc - RedHat Linux 6.1 i386 - RedHat Linux 6.1 alpha - RedHat Linux 6.0 sparc - RedHat Linux 6.0 i386 - Microsoft Windows 98 - Microsoft Windows 95 - Microsoft Windows NT 4.0 - Microsoft Windows NT 2000 - IBM AIX 4.3 - IBM AIX 4.2 Detailed Description Allaire JRun is a web application kit based on JSP and Java servlet. Each web application directory contains a web-inflica, which contains some of the Class and precompiled JSP files for web applications, server log files, session information, and files such as web.xml, webapp.properties.

JRUN contains a vulnerability allows remote users to view the web-infers of the web-infers, and all directories in the web-INF directory are displayed by requested a URL containing "/" characters.

Test code http: // target // Web-inf /

Solution Allaire provides the following patches:

Allaire JRun 3.0:

Allaire Patch Extraslasheshtp: //download.Allaire.com/jrun/jrun3.0/extraslashes.zipwindows 95/98 / NT / 2000 and Windows NT Alpha

Allaire Patch Extraslas.tarhttp: //download.allaire.com/jrun/jrun3.0/extraslashes.tar.gzunix/Linux Patch - GNU Gzip / Tar

转载请注明原文地址:https://www.9cbs.com/read-121035.html

New Post(0)