J-Security Center

Title: Allaire JRun Web Server Directory Traversal Vulnerability

Severity: HIGH

Description:

JRun is a web server implementation distributed by Allaire.

A problem with the web server could allow an attacker to access private information. The problem is in the handling of path identifiers.

JRun does not properly handle input from users. An attacker using the dot-dot-slash (../) path identifier could escape the web root directory. This problem would allow an attacker to gain access to any file on the system to which the web process has read access.

This vulnerability could be exploited to gather intelligence on a vulnerable host, and could allow a remote user to obtain information such as usernames, system configuration information, or user-owned files that do not have restrictive permissions set.
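The following is an added example, not JRun's code or a vendor fix: a Python sketch of the containment check a web server needs so that dot-dot-slash sequences in a request cannot resolve outside the web root. The function names, the sample request paths and the temporary document root are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(Exception):
    """Raised when a request path resolves outside the web root."""


def resolve_under_root(web_root: str, request_path: str) -> str:
    """Map a URL path to a file path, refusing anything outside web_root."""
    root = os.path.realpath(web_root)
    # Decode percent-encoding once, before any path checks are made.
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators so "..\" is handled like "../".
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath collapses ".." segments and follows symlinks.
    candidate = os.path.realpath(os.path.join(root, relative))
    # The canonical result must still be the root or sit beneath it.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"escapes web root: {request_path!r}")
    return candidate


def check_samples() -> dict:
    """Run constructed sample requests against a temporary web root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "docroot")
        os.makedirs(os.path.join(web_root, "docs"))
        for path in ("/index.html", "/docs/../index.html",
                     "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd",
                     "/..\\..\\secret.txt", "/docs/../../outside.txt"):
            try:
                resolve_under_root(web_root, path)
                results[path] = "served"
            except TraversalError:
                results[path] = "blocked"
    return results


if __name__ == "__main__":
    for path, verdict in check_samples().items():
        print(f"{verdict:8} {path}")
```

The check compares canonical paths after decoding, so a request such as `/docs/../index.html` that stays inside the root is still served while any path that climbs above it is refused.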

Affected Products:

  • Macromedia JRun 2.3.3
  • Macromedia JRun 3.0.0
  • Macromedia JRun 3.1.0
