Vulnerability Name:

CVE-2002-1025 (CCN-9459)

Assigned: 2002-07-01
Published: 2002-07-01
Updated: 2008-09-05
Summary: JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: CCN
Type: VulnWatch Mailing List, Mon Jul 01 2002 - 02:17:51 CDT
KPMG-2002026: Jrun sourcecode Disclosure

Source: VULNWATCH
Type: UNKNOWN
20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure

Source: MITRE
Type: CNA
CVE-2002-1025

Source: BUGTRAQ
Type: UNKNOWN
20020701 KPMG-2002026: Jrun sourcecode Disclosure

Source: XF
Type: Patch, Vendor Advisory
jrun-null-view-source(9459)

Source: CCN
Type: Macromedia Product Security Bulletin MPSB02-06
Cumulative Security Patch available for JRun 3.0, 3.1 and 4.0

Source: CONFIRM
Type: UNKNOWN
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164

Source: OSVDB
Type: UNKNOWN
5028

Source: CCN
Type: OSVDB ID: 5028
Macromedia JRun JSP Unicode Null Byte String Source Code Extraction

Source: BID
Type: Exploit, Patch, Vendor Advisory
5134

Source: CCN
Type: BID-5134
Macromedia JRun Source Disclosure Vulnerabilities

Source: XF
Type: UNKNOWN
jrun-null-view-source(9459)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    macromedia jrun 3.0
    macromedia jrun 3.1
    macromedia jrun 4.0