Detections
Analytics

Allaire JRun Encoded JSP Request Directory Listing

medium Nessus Plugin ID 10814

Language:

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of Allaire JRun running on the remote host is affected by an information disclosure vulnerability due to an issue in handling malformed URLs. An unauthenticated, remote attacker can exploit this, via a crafted request, to display a listing of files in arbitrary directories, which may contain sensitive files.

Solution

Disable directory browsing in each of the applications and refer to the referenced URL for further steps.

See Also

http://www.securityfocus.com/advisories/3689

Plugin Details

Severity: Medium

ID: 10814

File Name: jrun_getdir.nasl

Version: 1.35

Type: remote

Family: CGI abuses

Published: 2/16/2016

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:macromedia:jrun

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 11/27/2001

Reference Information

CVE: CVE-2001-1510

BID: 3592