JRun Multiple Sample Files Remote Information Disclosure

medium Nessus Plugin ID 10996

Synopsis

The remote web server suffers from information disclosure flaws.

Description

This host is running the Allaire JRun web server and has sample files installed. Several of the sample files that ship with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one, or to view sensitive configuration information as well as all the session IDs currently in use by the server.

Sample files should never be left on production servers.

Solution

Remove the sample files and any other files that are not required.

See Also

http://www.nessus.org/u?d12a4000

Plugin Details

Severity: Medium

ID: 10996

File Name: DDI_JRun_Sample_Files.nasl

Version: 1.30

Type: remote

Family: CGI abuses

Published: 6/5/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 6/22/2000

Reference Information

CVE: CVE-2000-0539, CVE-2000-0540

BID: 1386