Vulnerability Name:

CVE-2001-1511 (CCN-7676)

Assigned:2001-12-06
Published:2001-12-06
Updated:2008-09-05
Summary:JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2001-1511

Source: XF
Type: Exploit, Patch
allaire-jrun-view-jsp-source(7676)

Source: CCN
Type: Macromedia Product Security Bulletin MPSB01-15
Patch Available for Revealing Source Code when Accessing a JSP as myjsp%00 or myjs%2570 via the JWS or IIS.

Source: CONFIRM
Type: Exploit, Patch, Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=22288&Method=Full

Source: CCN
Type: OSVDB ID: 20217
Macromedia JRun on JWS/IIS Crafted Filename Request Arbitrary JSP Source Disclosure

Source: XF
Type: UNKNOWN
allaire-jrun-view-jsp-source(7676)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia jrun 3.0
    macromedia jrun 3.1
    macromedia jrun 3.0
    macromedia jrun 3.1