CVE-2001-1510
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2001
Last modified:
03/04/2025
Description
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2
- http://online.securityfocus.com/archive/1/243203
- http://www.iss.net/security_center/static/7623.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full
- http://www.securityfocus.com/archive/1/243636
- http://www.securityfocus.com/bid/3592
- http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2
- http://online.securityfocus.com/archive/1/243203
- http://www.iss.net/security_center/static/7623.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full
- http://www.securityfocus.com/archive/1/243636
- http://www.securityfocus.com/bid/3592