CVE-2001-0926

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full	Patch Vendor Advisory
http://www.securityfocus.com/bid/3589	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100697797325013&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7622

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:macromedia:jrun:2.3.3:::::::*
	cpe:2.3:a:macromedia:jrun:3.0:::::::*
	cpe:2.3:a:macromedia:jrun:3.1:::::::*

Information

Published : 2001-11-27 21:00

Updated : 2017-12-18 18:29

NVD link : CVE-2001-0926

Mitre link : CVE-2001-0926

JSON object : View

CWE

NVD-CWE-Other

Products Affected

macromedia

jrun

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full", "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/3589", "name": "3589", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=100697797325013&w=2", "name": "20011128 JRun SSI Request Body Parsing", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7622", "name": "allaire-jrun-view-source(7622)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0926", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-11-28T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-19T02:29Z"}

5.0 /10