发布时间 :2000-12-11 00:00:00
修订时间 :2017-10-09 21:29:27

[原文]Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

[CNNVD]Allaire JRun 3.0 http servlet服务器额外前导斜杠漏洞(CNNVD-200012-061)

        Allaire JRun 3.0 http servlet服务器存在漏洞。远程攻击者可以借助请求头包含额外"/"的URL请求直接访问WEB-INF目录(也称为“额外前导斜杠”)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:macromedia:jrun:3.0Macromedia JRun 3.0
cpe:/a:macromedia:jrun:3.0:sp1Macromedia JRun 3.0 SP1

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
(UNKNOWN)  XF  allaire-jrun-webinf-access

- 漏洞信息

Allaire JRun 3.0 http servlet服务器额外前导斜杠漏洞
中危 未知
2000-12-11 00:00:00 2006-09-20 00:00:00
        Allaire JRun 3.0 http servlet服务器存在漏洞。远程攻击者可以借助请求头包含额外"/"的URL请求直接访问WEB-INF目录(也称为“额外前导斜杠”)。

- 公告与补丁


- 漏洞信息 (20313)

Allaire JRun 3 Directory Disclosure Vulnerability (EDBID:20313)
multiple remote
2000-10-23 Verified
0 Foundstone Labs
N/A [点击下载]

Allaire JRun is a web application development suite with JSP and Java Servlets. 

Each web application directory contains a WEB-INF directory, this directory contains information on web application classes, pre-compiled JSP files, server side libraries, session information and files such as web.xml and

JRun contains a vulnerability which allows remote user to view the contents of the WEB-INF directory. By requesting a malformed URL comprised of an additional '/' all of the directories below the WEB-INF directory will be revealed.

Successful exploitation of this vulnerability could lead to a remote attacker gaining read access to any file within the WEB-INF directory.

While this issue was addressed in earlier patches, it is still a problem if the attacker makes a raw specially crafted HTTP GET Request through a Microsoft IIS connector using a utility such as netcat or telnet.

The following request will disclose the contents of WEB-INF:


This may also be exploited by submitting the maliciously crafted URL via a HTTP GET request using utilities like netcat or telnet.		

- 漏洞信息

Allaire JRun Crafted Request WEB-INF Forced Directory Listing
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

The Allaire JRun web server is vulnerable to a directory listing attack. By issuing a malformed request an attacker can view the directory contents. An attacker can use this to gain information about the host.

- 时间线

2000-10-23 Unknow
2000-10-23 Unknow

- 解决方案

Install the appropriate patch listed below or upgrade to a version of JRUN newer than 3.1. JRUN 3.1 Windows (English): jrun-31-win-upgrade-us_26414.exe Windows (Japanese): jrun-31-win-upgrade-ja_30681.exe Windows (French): jrun-31-win-upgrade-fr_30681.exe UNIX/Linux patch (English): UNIX/Linux patch (Japanese): UNIX/Linux patch (French): JRUN 3.0 Windows (English): jr30sp2_25232.exe Windows (Japanese): jr30sp2_29543.exe Windows (French): jr30sp2_29543.exe UNIX/Linux patch (English): UNIX/Linux patch (Japanese): UNIX/Linux patch (French): Note: The patches for MPSB01-09, MPSBO1-10, MPSB01-14, MPSB01-15, MPSB01-16, MPSB01-17, MPSB01-18 are identical.

- 相关参考

- 漏洞作者

Unknown or Incomplete