- Description
- Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA955BB7-2B8A-4534-A0F6-AEBD6875EB12"
},
{
"criteria": "cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96D6C1D6-F9AF-4CF0-9F80-AB2C20C7615C"
},
{
"criteria": "cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "462BA0C4-D941-4C58-86DF-BF76663723F7"
}
],
"operator": "OR"
}
]
}
]