Allaire JRun /servlets Directory Multiple Sample Scripts Information Disclosure
Remote / Network Access
Loss of Confidentiality
JRun contains a flaw that may lead to unauthorized information disclosure. The issue is triggered because multiple sample scripts do not properly sanitize user-supplied input, which discloses sensitive information and results in a loss of confidentiality.
Upgrade to version 2.3.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove all documentation, tutorials and sample scripts from the JRUN_HOME/servlets directory.