EUVD-2000-1036

Malware in sbrugna...

'/./WEB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Allaire JRun 3.0 Servlet DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2337/info A denial of service condition exists in the JRun web application server. Requesting multiple malformed URLs by way of the java servlet, will cause the JRun application server to stop responding...

CVE-2001-1545

Macromedia JRun 3.0/3.1 is affected by CVE-2001-1545, where the server appends the jsessionid to URLs (URL rewriting) when cookies are enabled. This can allow remote attackers to obtain session IDs and hijack sessions via HTTP referrer headers or sniffing. Public sources across NVD/Red Hat/CVE li...

CVE-2001-1513

CVE-2001-1513 affects Macromedia JRun 3.0 and 3.1. The issue allows remote attackers to obtain duplicate active user session IDs and perform actions as other users by crafting a URL request for the web application directory without the trailing '/'. This implies potential session impersonation wi...

CVE-2001-0179

Allaire JRun 3.0 is affected by an information-disclosure vulnerability where remote attackers can list the contents of WEB-INF and the web.xml in WEB-INF via a malformed URL containing a dot. This is described in the CVE record and corroborated by OpenVAS information-disclosure entries referenci...

Security Bulletin (ASB01-02) JRun 3.0

Allaire posted the following security bulletin to their site recently. The online version can be found at: http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full ------------------------------------ Allaire Security Bulletin ASB01-02 JRun 3.0: Patch available for JRun malformed URI WEB-IN...

CVE-2000-1049

CVE-2000-1049 affects Allaire JRun 3.0 HTTP servlet server. The vulnerability allows remote denial of service when a URL containing a long sequence of "." characters is processed. The available sources describe the impact as a DoS, but do not provide concrete exploitation details, affected versio...

CVE-2000-1049

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters...

Allaire JRun 3.0 Servlet - Denial of Service

Allaire JRun 3.0 Servlet - Denial of Service source: https://www.securityfocus.com/bid/2337/info A denial of service condition exists in the JRun web application server. Requesting multiple malformed URLs by way of the java servlet, will cause the JRun application server to stop responding...

Allaire's JRUN Unauthenticated Access to WEB-INF directory

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Allaire's JRUN ---------------------------------------------------------------------- FS Advisory ID: FS-102300-12-JRUN Release Date: October 23, 2000 Product: JRun 3.0 Vendor: Allaire Inc...