[Original text] Allaire JRun 3.0 HTTP servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" at the beginning of the request (aka the "extra leading slash").
Allaire JRun is a web application development suite with JSP and Java Servlets.
Each web application directory contains a WEB-INF directory. This directory holds information on web application classes, pre-compiled JSP files, server-side libraries, session information, and files such as web.xml and webapp.properties.
JRun contains a vulnerability which allows a remote user to view the contents of the WEB-INF directory. By requesting a malformed URL containing an additional '/', all of the directories below the WEB-INF directory will be revealed.
Successful exploitation of this vulnerability could lead to a remote attacker gaining read access to any file within the WEB-INF directory.
While this issue was addressed in earlier patches, it is still a problem if the attacker makes a raw, specially crafted HTTP GET request through a Microsoft IIS connector using a utility such as netcat or telnet.
The following request will disclose the contents of WEB-INF:
This may also be exploited by submitting the maliciously crafted URL via an HTTP GET request using utilities like netcat or telnet.
The Allaire JRun web server is vulnerable to a directory listing attack. By issuing a malformed request, an attacker can view the directory contents and use them to gain information about the host.
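One way to look for such requests in web server access logs, as an added example that is not part of the original advisory: each request path is canonicalized (percent-decoded, repeated slashes collapsed) before checking for a WEB-INF segment, so the "extra leading slash" form is caught along with direct requests. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format), not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2001:10:01:02 +0000] "GET /index.jsp HTTP/1.0" 200 5120
192.0.2.44 - - [12/Nov/2001:10:03:17 +0000] "GET //WEB-INF/ HTTP/1.0" 200 1873
192.0.2.44 - - [12/Nov/2001:10:03:29 +0000] "GET //WEB-INF/web.xml HTTP/1.0" 200 2240
192.0.2.71 - - [12/Nov/2001:10:09:40 +0000] "GET /WEB-INF/web.xml HTTP/1.0" 403 289
192.0.2.10 - - [12/Nov/2001:10:11:05 +0000] "GET /docs/web-info.html HTTP/1.0" 200 901
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def canonical_path(target):
    """Return the request path with the query removed, percent-decoding applied,
    repeated slashes collapsed and dot segments resolved."""
    # Split the query by hand: urllib's urlsplit() would parse a target that
    # starts with "//" as a host name and drop the WEB-INF component.
    path = unquote(target.split("?", 1)[0])
    # Collapse slashes first: posixpath.normpath() keeps exactly two leading ones.
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path)


def find_web_inf_requests(log_text):
    """Return (client, raw_target, status, noncanonical) for every logged
    request whose canonical path contains a WEB-INF segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, _method, target, status = m.groups()
        canon = canonical_path(target)
        # Compare whole path segments, case-insensitively, so that
        # "/docs/web-info.html" is not a match.
        if "web-inf" not in canon.lower().split("/"):
            continue
        # noncanonical: the path as sent differs from its canonical form, so a
        # check against the literal path could have missed it.
        noncanonical = target.split("?", 1)[0].rstrip("/") != canon
        hits.append((client, target, int(status), noncanonical))
    return hits


if __name__ == "__main__":
    for hit in find_web_inf_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and noncanonical set is the case to investigate first: the server answered a WEB-INF request that was not in canonical form.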
Install the appropriate patch listed below or upgrade to a version of JRun newer than 3.1.
Windows (English): jrun-31-win-upgrade-us_26414.exe
Windows (Japanese): jrun-31-win-upgrade-ja_30681.exe
Windows (French): jrun-31-win-upgrade-fr_30681.exe
UNIX/Linux patch (English): jrun-31-unix-upgrade-us_26414.sh
UNIX/Linux patch (Japanese): jrun-31-unix-upgrade-ja_30681.sh
UNIX/Linux patch (French): jrun-31-unix-upgrade-fr_30681.sh
Windows (English): jr30sp2_25232.exe
Windows (Japanese): jr30sp2_29543.exe
Windows (French): jr30sp2_29543.exe
UNIX/Linux patch (English): jr30sp2u_25232.sh
UNIX/Linux patch (Japanese): jr30sp2u_29543.sh
UNIX/Linux patch (French): jr30sp2u_29543.sh
Note: The patches for MPSB01-09, MPSB01-10, MPSB01-14, MPSB01-15, MPSB01-16, MPSB01-17, MPSB01-18 are identical.