4 matches found
Allaire JRun Crafted Request Forced Directory Listing
The version of Allaire JRun running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, by using a crafted URL request with '/./' prepended, to display a listing of a remote directory, even if a valid index file exists i...
CVE-2000-1050
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request aka the "extra leading slash"...
CVE-2000-1050
The CVE-2000-1050 entry concerns Allaire JRun 3.0/3.1-era HTTP servlet servers where an information-disclosure vulnerability allows remote attackers to access WEB-INF (and related) directories. The root cause is an information-disclosure path handling flaw triggered by a URL request that contains...
CVE-2000-1050
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request aka the "extra leading slash"...