Macromedia JRun 2.3.3

CPE Details

Macromedia JRun 2.3.3
macromedia
jrun
2.3.3
2007-08-23
19h16 +00:00
2007-09-14
15h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*

Informations

Vendor

macromedia

Product

jrun

Version

2.3.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2001-1510 2005-07-14 04h00 +00:00 Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5
CVE-2001-1544 2005-07-14 04h00 +00:00 Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
5
CVE-2002-1310 2002-11-21 04h00 +00:00 Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
7.5
CVE-2001-1084 2002-06-25 02h00 +00:00 Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
7.5
CVE-2001-0926 2002-02-02 04h00 +00:00 SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
5