CVE-2000-1050
CVSS 5.0
Published: 2000-12-11 00:00:00
Last revised: 2016-10-17 22:08:08

[Original] Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").


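[CNNVD] Allaire JRun 3.0 HTTP servlet server extra leading slash vulnerability (CNNVD-200012-061)

        A vulnerability exists in the Allaire JRun 3.0 HTTP servlet server. A remote attacker can directly access the WEB-INF directory via a URL request that contains an extra "/" at the head of the request (also known as the "extra leading slash").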

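- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:macromedia:jrun:3.0 (Macromedia JRun 3.0)
cpe:/a:macromedia:jrun:3.0:sp1 (Macromedia JRun 3.0 SP1)

- OVAL (Technical Details for Detection)

No related OVAL definitions found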

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1050
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200012-061
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=97236316510117&w=2
(UNKNOWN)  BUGTRAQ  20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
(VENDOR_ADVISORY)  ALLAIRE  ASB00-027
http://xforce.iss.net/static/5407.php
(VENDOR_ADVISORY)  XF  allaire-jrun-webinf-access

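- Vulnerability Information

Allaire JRun 3.0 HTTP servlet server extra leading slash vulnerability
Medium severity  Unknown
2000-12-11 00:00:00 2006-09-20 00:00:00
Remote
        A vulnerability exists in the Allaire JRun 3.0 HTTP servlet server. A remote attacker can directly access the WEB-INF directory via a URL request that contains an extra "/" at the head of the request (also known as the "extra leading slash").

- Advisories and Patches

- Vulnerability Information (20313)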

Allaire JRun 3 Directory Disclosure Vulnerability (EDBID:20313)
multiple remote
2000-10-23 Verified
0 Foundstone Labs
N/A
source: http://www.securityfocus.com/bid/1830/info


Allaire JRun is a web application development suite with JSP and Java Servlets. 

Each web application directory contains a WEB-INF directory. This directory contains information on web application classes, pre-compiled JSP files, server-side libraries, session information and files such as web.xml and webapp.properties.

JRun contains a vulnerability which allows a remote user to view the contents of the WEB-INF directory. When a malformed URL containing an additional '/' is requested, all of the directories below the WEB-INF directory are revealed.

Successful exploitation of this vulnerability could lead to a remote attacker gaining read access to any file within the WEB-INF directory.

While this issue was addressed in earlier patches, it is still a problem if the attacker makes a raw, specially crafted HTTP GET request through a Microsoft IIS connector using a utility such as netcat or telnet.

The following request will disclose the contents of WEB-INF:

http://target//WEB-INF/

This may also be exploited by submitting the maliciously crafted URL via an HTTP GET request using utilities like netcat or telnet.
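An added example (not from the original advisory and not JRun's code): why an access check on the raw request path misses the `//WEB-INF/` form described above, beside a check that canonicalizes the path first, run over constructed access-log lines. The function names, the naive check and the log lines are assumptions made for illustration; the canonicalization also handles percent-encoding and dot segments, which goes beyond the single case on this page.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = {"web-inf"}  # directory named in the advisory, compared case-insensitively


def naive_is_protected(raw_path: str) -> bool:
    """Hypothetical prefix check on the raw path (an assumption, not JRun's code)."""
    return raw_path.startswith("/WEB-INF")


def canonical_path(raw_target: str) -> str:
    """Reduce a request target to one canonical absolute path before any decision."""
    # Cut the query/fragment by hand: a URL parser would read "//x" as a host name.
    path = unquote(raw_target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/+", "/", "/" + path)  # collapse runs of '/', leading ones included
    return posixpath.normpath(path)        # resolve '.' and '..' segments


def is_protected(raw_target: str) -> bool:
    """True if any segment of the canonical path is a protected directory."""
    segments = canonical_path(raw_target).split("/")
    return any(seg.casefold() in PROTECTED for seg in segments)


def flag_log_lines(lines):
    """Return the request targets in access-log lines that resolve into WEB-INF."""
    request = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
    hits = []
    for line in lines:
        match = request.search(line)
        if match and is_protected(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Oct/2000:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.10 - - [23/Oct/2000:10:00:02 +0000] "GET //WEB-INF/ HTTP/1.0" 200 2048',
    '192.0.2.11 - - [23/Oct/2000:10:00:03 +0000] "GET /WEB-INF/web.xml HTTP/1.0" 403 0',
    '192.0.2.12 - - [23/Oct/2000:10:00:04 +0000] "GET /docs/web-info.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for target in flag_log_lines(SAMPLE_LOG):
        print(target, "naive:", naive_is_protected(target), "canonical:", is_protected(target))
```

A 200 response on a flagged line, as in the second sample line, is the case worth investigating on an unpatched server.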

- Vulnerability Information

500
Allaire JRun Crafted Request WEB-INF Forced Directory Listing
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability Description

The Allaire JRun web server is vulnerable to a directory listing attack. By issuing a malformed request, an attacker can view the directory contents. An attacker can use this to gain information about the host.

- Timeline

2000-10-23 Unknown
2000-10-23 Unknown

- Solution

Install the appropriate patch listed below or upgrade to a version of JRUN newer than 3.1.

JRUN 3.1
Windows (English): jrun-31-win-upgrade-us_26414.exe
Windows (Japanese): jrun-31-win-upgrade-ja_30681.exe
Windows (French): jrun-31-win-upgrade-fr_30681.exe
UNIX/Linux patch (English): jrun-31-unix-upgrade-us_26414.sh
UNIX/Linux patch (Japanese): jrun-31-unix-upgrade-ja_30681.sh
UNIX/Linux patch (French): jrun-31-unix-upgrade-fr_30681.sh

JRUN 3.0
Windows (English): jr30sp2_25232.exe
Windows (Japanese): jr30sp2_29543.exe
Windows (French): jr30sp2_29543.exe
UNIX/Linux patch (English): jr30sp2u_25232.sh
UNIX/Linux patch (Japanese): jr30sp2u_29543.sh
UNIX/Linux patch (French): jr30sp2u_29543.sh

Note: The patches for MPSB01-09, MPSBO1-10, MPSB01-14, MPSB01-15, MPSB01-16, MPSB01-17, MPSB01-18 are identical.

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
