CVE-2002-1025

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/5134	Exploit Patch Vendor Advisory
http://www.iss.net/security_center/static/9459.php	Patch Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
http://online.securityfocus.com/archive/1/280062
http://www.osvdb.org/5028

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:macromedia:jrun:3.0:::::::*
	cpe:2.3:a:macromedia:jrun:3.1:::::::*
	cpe:2.3:a:macromedia:jrun:4.0:::::::*

Information

Published : 2002-10-03 21:00

Updated : 2008-09-05 13:29

NVD link : CVE-2002-1025

Mitre link : CVE-2002-1025

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

macromedia

jrun

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/5134", "name": "5134", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/9459.php", "name": "jrun-null-view-source(9459)", "tags": ["Patch", "Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23164", "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23164", "tags": [], "refsource": "CONFIRM"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html", "name": "20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure", "tags": [], "refsource": "VULNWATCH"}, {"url": "http://online.securityfocus.com/archive/1/280062", "name": "20020701 KPMG-2002026: Jrun sourcecode Disclosure", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.osvdb.org/5028", "name": "5028", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1025", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-10-04T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:29Z"}