Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 11/12/2000 Updated: 19/12/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Allaire JRun 2.3.3 server allows remote malicious users to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
macromedia jrun 2.3.x

source: wwwsecurityfocuscom/bid/1831/info Jrun contains a vulnerability that allows a user to compile and execute JSP code from an arbitrary file on the webserver's filesystem This bug is due to the way JSP execution is invoked -- if a requested filename/path is prefixed with '/servlet/' If a user specifies "/" paths as part of a "/s ...

NVD-CWE-Other http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full http://marc.info/?l=bugtraq&m=97236125107957&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/5406 https://nvd.nist.gov https://www.exploit-db.com/exploits/20314/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-1053

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect