JRun 3.0 up to and including 4.0 allows remote malicious users to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
macromedia jrun 3.0 |
||
macromedia jrun 3.1 |
||
macromedia jrun 4.0 |