Re: def-2001-32 - Allaire JRun directory browsing vulnerability

• Previous message: Fyodor: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
• Next in thread: Felix Huber: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
• Reply: Felix Huber: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ------------------------=[Affected Systems]=--------------------------
> Under Windows NT/2000(any service pack) and IIS 4.0/5.0:
> - JRun 3.0 (all editions)
> - JRun 3.1 (all editions)
> ----------------------=[Detailed Description]=------------------------
> Upon sending a specially formed request to the web server, containing
> a '.jsp' extension makes the JRun handle the request. Example:
>
> http://www.victim.com/%3f.jsp

Not only IIS is affected, i found vulnerable Sites running Apache
1.3.19/Solaris and Apache 1.3.12/Linux.

A NASL Script is attached to find affected systems.


Regards,
Felix Huber


-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelixat_private     (07668)  951 156 (phone)
http://www.webtopia.de     (07668)  951 157 (fax)
                                         (01792)  205 724 (mobile)
-------------------------------------------------------

• application/octet-stream attachment: jrun_getdir.nasl

• Next message: GiulioMaria Fontana: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
• Previous message: Fyodor: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
• Next in thread: Felix Huber: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
• Reply: Felix Huber: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 15:16:59 PST