JRun Sample Files

This host is running the Allaire JRun web server and has sample files installed. It is vulnerable to security flaws in the sample files, which can be exploited by an attacker to relay web requests or view sensitive configuration information

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2000-0539	13 Oct 200004:00	–	cve
Cvelist	CVE-2000-0539	13 Oct 200004:00	–	cvelist
Tenable Nessus	JRun Multiple Sample Files Remote Information Disclosure	5 Jun 200200:00	–	nessus
EUVD	EUVD-2000-0536	7 Oct 202500:30	–	euvd
NVD	CVE-2000-0539	22 Jun 200004:00	–	nvd

# OpenVAS Vulnerability Test
# $Id: DDI_JRun_Sample_Files.nasl 7275 2017-09-26 11:46:31Z cfischer $
# Description: JRun Sample Files
#
# Authors:
# H D Moore
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
# Erik Anderson <[email protected]>
# Added BugtraqID and CVE
#
# Copyright:
# Copyright (C) 2001 Digital Defense Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "This host is running the Allaire JRun web server 
and has sample files installed.  Several of the 
sample files that come with JRun contain serious 
security flaws.  An attacker can use these 
scripts to relay web requests from this machine 
to another one or view sensitive configuration 
information.";

tag_solution = "Sample files should never be left on production
          servers.  Remove the sample files and any other 
          files that are not required.";

if(description)
{
    script_id(10996);
    script_version("$Revision: 7275 $");
    script_tag(name:"last_modification", value:"$Date: 2017-09-26 13:46:31 +0200 (Tue, 26 Sep 2017) $");
    script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
    script_bugtraq_id(1386);
    script_tag(name:"cvss_base", value:"6.4");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
    script_cve_id("CVE-2000-0539");
    name = "JRun Sample Files";
    script_name(name);

    summary = "Checks for the presence of JRun sample files";
    script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_vul");

    script_copyright("This script is Copyright (C) 2001 Digital Defense Inc.");

    family = "Malware";
    script_family(family);
    script_dependencies("find_service.nasl", "http_version.nasl");
    script_require_ports("Services/www", 80);
    script_exclude_keys("Settings/disable_cgi_scanning");

    script_tag(name : "solution" , value : tag_solution);
    script_tag(name : "summary" , value : tag_summary);
    exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");

file[0] = "/cfanywhere/index.html";     res[0] = "CFML Sample";
file[1] = "/docs/servlets/index.html";  res[1] = "JRun Servlet Engine";
file[2] = "/jsp/index.html";            res[2] = "JRun Scripting Examples";
file[3] = "/webl/index.html";           res[3] = "What is WebL";

function check_page(req, pat, port)
{
    str = http_get(item:req, port:port);
    r = http_keepalive_send_recv(data:str, port:port);
    if( r == NULL ) exit(0);
    if(pat >< r) {
      security_message(port:port);
      exit(0);
    }
    return(0);
}

port = get_http_port(default:80);

for(i=0;file[i];i=i+1)
{
    req = file[i];
    pat = res[i];
    check_page(req:req, pat:pat, port:port);
}

26 Sep 2017 00:00Current

6.5Medium risk

Vulners AI Score6.5

EPSS0.0054