33 matches found
CVE-2002-1855
CVE-2002-1855 describes an information-disclosure flaw in Macromedia JRun 3.0–4.0 on Windows, where requesting WEB-INF. with a trailing dot exposes files under WEB-INF (Java classes/config). Several feeds (NVD, Red Hat, CVE list, OpenVAS/Nessus) reiterate that this affects Win32 J2EE containers a...
CVE-2001-1544
The CVE-2001-1544 entry applies to Macromedia/Allaire JRun Web Server (JWS) versions 2.3.3, 3.0 and 3.1. The vulnerability is a directory traversal via a dot-dot (..) in the HTTP GET request that allows reading arbitrary files on the affected host. Concrete details are supported by connected sour...
CVE-2001-1510
The CVE-2001-1510 entry concerns Allaire JRun versions 2.3.3, 3.0 and 3.1 running on IIS 4.0/5.0, iPlanet, Apache, JRun Web Server (JWS) and possibly other web servers. Affected component: the web server handling of certain crafted URLs, where appending one of three fragments ("%3f.jsp", "?.jsp",...
CVE-2004-0928
The CVE-2004-0928 family affects Adobe JRun 4.x servers (and ColdFusion MX 6.0/6.1/J2EE) when running with IIS, where a crafted request ending in ";.cfm" can bypass authentication and disclose script/source content (e.g., .asp, .pl, .php). Connected advisories describe URL handling flaws that tri...
CVE-2001-1084
Affected software: Allaire JRun 3.0 and 2.3.3. Vulnerability: cross-site scripting via error messages when a request targets non-existent files (.JSP, .shtml, .jsp10, .jrun, .thtml). Root cause: uploaded/embedded Javascript from attacker is echoed into an error page, enabling script execution. Im...
CVE-2004-0646
CVE-2004-0646: A buffer overflow exists in Macromedia JRun’s Apache connectors mod_jrun and mod_jrun20 WriteToLog when verbose logging is enabled. A remote attacker can trigger via long header fields (e.g., Content-Type) to execute arbitrary code. Affects JRun 3.0–4.0 with the Apache connectors; ...
CVE-2005-2306
The CVE describes a race condition in Macromedia JRun 4.0 and ColdFusion MX 6.1/7.0 where under heavy load JRun may assign a duplicate authentication token to multiple sessions. This could allow authenticated users to gain privileges as other users. Affected components include JRun 4.0 and ColdFu...
CVE-2000-0539
Allaire JRun 2.3.x is affected by CVE-2000-0539 through information disclosure in servlet examples (SessionServlet), enabling remote attackers to obtain sensitive data such as HttpSession IDs. The OpenVAS entries corroborate that JRun sample files on affected systems expose sensitive information;...
CVE-2001-1511
The CVE-2001-1511 issue affects JRun 3.0/3.1 running on JRun Web Server (JWS) and IIS, where remote attackers can read arbitrary JSP source code by requesting a URL containing a source filename ending in jsp%00 or js%2570. This indicates a file-disclosure vulnerability enabling access to server-s...
CVE-2001-0926
CVE-2001-0926 affects Allaire JRun 2.3.3, 3.0, and 3.1. The flaw arises in the SSI filter: an HTTP request for a non-existent SSI page carrying an #include statement can cause the server to disclose its web root files, enabling remote attackers to obtain source code for JavaServer Pages (.jsp) an...
CVE-2000-1049
CVE-2000-1049 affects Allaire JRun 3.0 HTTP servlet server. The vulnerability allows remote denial of service when a URL containing a long sequence of "." characters is processed. The available sources describe the impact as a DoS, but do not provide concrete exploitation details, affected versio...
CVE-2000-1050
The CVE-2000-1050 entry concerns Allaire JRun 3.0/3.1-era HTTP servlet servers where an information-disclosure vulnerability allows remote attackers to access WEB-INF (and related) directories. The root cause is an information-disclosure path handling flaw triggered by a URL request that contains...
CVE-2004-1478
CVE-2004-1478 concerns JRun 4.0 where improper generation/handling of JSESSIONID enables remote attackers to perform session fixation and hijack HTTP sessions. Root cause: insecure/JSESSIONID management. Impact: remote session hijacking via fixation. Exploitation details are not provided beyond t...
CVE-2001-1545
Macromedia JRun 3.0/3.1 is affected by CVE-2001-1545, where the server appends the jsessionid to URLs (URL rewriting) when cookies are enabled. This can allow remote attackers to obtain session IDs and hijack sessions via HTTP referrer headers or sniffing. Public sources across NVD/Red Hat/CVE li...
CVE-2001-1512
Summary of CVE-2001-1512 / CVE-2000-1050 cluster (Allaire JRun) Concrete details in connected docs show affected products as Allaire JRun 3.0 and 3.1. CVE-2000-1050 describes an information-disclosure/remote-access issue where the JRun HTTP servlet server can expose the WEB-INF directory via a cr...
CVE-2004-1477
CVE-2004-1477 refers to a cross-site scripting (XSS) vulnerability in the Management Console of Macromedia/JRun 4.0. The vulnerability allows remote attackers to inject arbitrary web script/HTML and potentially hijack a user’s session. Connected sources corroborate that this CVE is part of a set ...
CVE-2000-0540
The CVE-2000-0540 vulnerability affects Allaire/Macromedia JRun 2.3.x with its sample files. The issue enables remote disclosure of arbitrary files and configuration information, via JSP sample files (e.g., viewsource.jsp), constituting a partial confidentiality impact. Connected sources also ref...
CVE-2000-1052
The CVE-2000-1052 entry concerns Allaire JRun 2.3 server. Affected component: SSIFilter servlet. Root cause: remote attackers can directly invoke the SSIFilter servlet to obtain source code for executable content, leading to partial confidentiality impact. The public description states exposure o...
CVE-2000-1053
Allaire JRun 2.3.3 server is affected by CVE-2000-1053. The vulnerability allows remote attackers to compile and execute JSP code by injecting it through a cross-site scripting (CSS) attack and then directly invoking the com.livesoftware.jrun.plugins.JSP JSP servlet. Exploitation details, affecte...
CVE-2002-0801
The CVE-2002-0801 issue affects Macromedia JRun 3.1 on Windows, where the ISAPI DLL filter for JRun is vulnerable to a buffer overflow via a long Host header in a request for a .jsp file. This allows a remote attacker to execute arbitrary code with SYSTEM privileges by sending a crafted request t...
CVE-2002-1310
The CVE-2002-1310 entry affects the IIS ISAPI handler for Macromedia JRun 4.0 and earlier, where a heap-based buffer overflow in the error-handling path can be triggered by an HTTP GET with a long .jsp filename. This leads to potential remote arbitrary-code execution. The vulnerability is tied to...
CVE-2005-4473
CVE-2005-4473 concerns Macromedia JRun 4 web server (JWS). The public description states an unspecified vulnerability that enables remote attackers to view web application source code via a malformed URL. This is the only concrete detail provided across linked records; no version-specific impact,...
CVE-2000-1051
CVE-2000-1051 describes a directory traversal vulnerability in Allaire JRun 2.3 server where an attacker can read arbitrary files via the SSIFilter servlet. Affected software is Allaire JRun 2.3 server; the underlying flaw is in the SSIFilter servlet handling that allows path traversal. The NVD m...
CVE-2004-2182
CVE-2004-2182 (Macromedia JRun 4.0) describes a session fixation vulnerability where remote attackers can hijack user sessions by pre-setting the session ID information used by the session server. Public sources in the provided documents consistently identify JRun 4.0 as affected and cite the vul...
CVE-2002-1025
CVE-2002-1025 involves JRun 3.0–4.0. According to the description, remote attackers can read JSP source code by sending an encoded null byte in an HTTP GET request, causing the server to send the .JSP unparsed. The impact is partial confidentiality (read access) with no integrity/availability imp...
CVE-2002-2186
Technical details about CVE-2002-2186 are not publicly provided in the connected documents. Monitor for updates.
CVE-2004-1815
CVE-2004-1815 affects ColdFusion MX 6.0/6.1 and JRun 4.0 where a SOAP web service expecting an array of objects as an argument can trigger a denial of service via memory exhaustion. The connected advisory (CPAI-2004-114) indicates the issue involves how Apache Axis handles SOAP arrays within requ...
CVE-2005-4472
Macromedia JRun 4 Web Server (JWS) is affected by a stack-based buffer overflow when converting long requests to wide characters, enabling remote denial of service and potentially arbitrary code execution. Affected component: JRun 4 web server (JWS). Root cause: improper handling of long requests...
CVE-2001-0179
Allaire JRun 3.0 is affected by an information-disclosure vulnerability where remote attackers can list the contents of WEB-INF and the web.xml in WEB-INF via a malformed URL containing a dot. This is described in the CVE record and corroborated by OpenVAS information-disclosure entries referenci...
CVE-2002-0665
CVE-2002-0665 : Macromedia JRun Administration Server has a login-bypass flaw where an extra slash in the URL allows remote attackers to bypass authentication. The entry is high severity (CVSS 2.0 base score 10.0, NETWORK attack vector, no authentication). Public technical details such as affecte...
CVE-2002-2187
Technical details are not publicly available in the provided documents for CVE-2002-2187; monitor for updates.
CVE-2001-1513
CVE-2001-1513 affects Macromedia JRun 3.0 and 3.1. The issue allows remote attackers to obtain duplicate active user session IDs and perform actions as other users by crafting a URL request for the web application directory without the trailing '/'. This implies potential session impersonation wi...
CVE-2002-0937
The CVE-2002-0937 entry concerns the JSP engine in JRun. Affected component: Java Server Pages (JSP) engine used by JRun. Root cause: a JSP page that calls WPrinterJob().pageSetup(null,null) can trigger an engine crash, leading to a denial of service on the web server. Impact: server instability/...