Macromedia JRUN remote JSP source code leak vulnerability
Release Date: 2002-7-1
Update Date: 2002-7-9

Affected System:

Macromedia JRun 3.0
    - IBM AIX 4.3
    - IBM AIX 4.2
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 98
    - Microsoft Windows 95
    - Microsoft Windows 2000 SP2
    - Microsoft Windows 2000 SP1
    - RedHat Linux 6.1 alpha
    - RedHat Linux 6.1 sparc
    - RedHat Linux 6.1 x86
    - RedHat Linux 6.0
    - RedHat Linux 6.0 sparc
    - RedHat Linux 6.0 x86
    - SGI IRIX 6.5
    - Sun Solaris 7.0
    - Sun Solaris 2.6

Macromedia JRun 3.1
    - IBM AIX 4.3
    - IBM AIX 4.2
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 98
    - Microsoft Windows 95
    - Microsoft Windows 2000 SP2
    - Microsoft Windows 2000 SP1
    - RedHat Linux 6.1 alpha
    - RedHat Linux 6.1 sparc
    - RedHat Linux 6.1 x86
    - RedHat Linux 6.0 x86
    - RedHat Linux 6.0 alpha
    - RedHat Linux 6.0
    - RedHat Linux 6.0 sparc
    - SGI IRIX 6.5
    - Sun Solaris 7.0
    - Sun Solaris 2.6

Macromedia JRun 4.0
    - Microsoft Windows XP
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 2000 SP2
    - Microsoft Windows 2000 SP1

Description:
--------------------------------------------------------------------------------
Bugtraq ID: 5134

Macromedia JRun is a Java application server developed by Macromedia to provide a fast and reliable J2EE-compatible platform.

Macromedia JRun does not correctly handle user requests, and remote attackers can use this vulnerability to obtain JSP file source code.

JRun mishandles a NULL character that follows the requested string. By submitting a request for a .jsp file with a NULL character appended, an attacker can cause the server to return the JSP source code instead of executing the page, resulting in sensitive information leakage.

An attacker can use the leaked information to further attack the system.

<* Source: Peter Gründl (Pgrundl@kpmg.dk)
   Link: http://archives.neohapsis.com/archives/bugtraq/2002-07/0001.html
*>

--------------------------------------------------------------------------------
Recommendation:

Vendor patch:

Macromedia
----------
The vendor has released upgrade patches that fix this security problem. Download them from the vendor's site:

Macromedia JRun 3.0:

Macromedia Patch jrun-30-win-upgrade-en_49297.exe
http://download.macromedia.com/pub/security/jrun/30/intel-win/jrun-30-win-upgrade-en_49297.exe
Patch for Macromedia JRun 3.0 on Windows systems.

Macromedia Patch jrun-30-unix-upgrade-us_49297.sh
http://download.macromedia.com/pub/security/jrun/30/unix/jrun-30-unix-upgrade-us_49297.sh
Patch for Macromedia JRun 3.0 on UNIX and Linux systems.

Macromedia JRun 3.1:

Macromedia Patch jrun-31-win-upgrade-en_49297.exe
http://download.macromedia.com/pub/security/jrun/31/intel-win/jrun-31-win-upgrade-en_49297.exe
Patch for Macromedia JRun 3.1 on Windows systems.

Macromedia Patch jrun-31-unix-upgrade-us_49297.sh
http://download.macromedia.com/pub/security/jrun/31/unix/jrun-31-unix-upgrade-us_49297.sh
Patch for Macromedia JRun 3.1 on UNIX and Linux systems.

Macromedia JRun 4.0:

Macromedia Patch MPSB02-06_jrun4-patch.zip
http://download.macromedia.com/pub/security/jrun/40/MPSB02-06_jrun4-patch.zip
Patch for Macromedia JRun 4.0 on Windows systems.

Macromedia Patch MPSB02-06_JRUN4-PATCH
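
Added example (not part of the original advisory and not Macromedia code): a Python log check for the request pattern named in the description, a NULL character appended to a .jsp path, so administrators can see whether a server was probed before patching. It assumes Common Log Format with the request line logged percent-encoded; the sample log lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (Common Log Format, documentation IP range).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jul/2002:10:01:02 +0000] "GET /app/login.jsp HTTP/1.0" 200 1532
192.0.2.44 - - [09/Jul/2002:10:01:07 +0000] "GET /app/login.jsp%00 HTTP/1.0" 200 4810
192.0.2.44 - - [09/Jul/2002:10:01:09 +0000] "GET /app/admin/config.JSP%2500?x=1 HTTP/1.0" 200 9120
192.0.2.17 - - [09/Jul/2002:10:02:30 +0000] "GET /img/logo.gif HTTP/1.0" 200 2048
192.0.2.90 - - [09/Jul/2002:10:03:11 +0000] "GET /search.jsp?q=100%25%20java HTTP/1.0" 200 733
192.0.2.61 - - [09/Jul/2002:10:04:00 +0000] "GET /app/report.jsp%00 HTTP/1.0" 404 210
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')
# A NUL byte in the same path segment as a .jsp name, matched case-insensitively.
JSP_THEN_NUL = re.compile(rb"\.jsp[^/]*\x00", re.IGNORECASE)

def decode_path(target, max_rounds=3):
    """Percent-decode the path part repeatedly so double encoding (%2500) is caught."""
    path = target.split("?", 1)[0].encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_null_jsp_requests(log_text):
    """Return one finding per request whose path has a NUL byte after a .jsp name."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess at its layout
        client, when, method, target, status, size = m.groups()
        if JSP_THEN_NUL.search(decode_path(target)):
            findings.append({
                "client": client, "time": when, "target": target,
                "status": int(status),
                # A 2xx answer means content was served and needs manual review.
                "served": status.startswith("2"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_null_jsp_requests(SAMPLE_LOG):
        print(finding)
```

Findings with "served" set to True are the ones to review first, since any JSP source returned may have exposed embedded credentials or configuration that should then be rotated.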