Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote malicious users to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
macromedia jrun 2.3.3 |
||
macromedia jrun 3.1 |
||
macromedia jrun 3.0 |