PT-2001-2227 · Allaire · Allaire Jrun
Published: 2001-07-02 · Updated: 2017-10-10 · CVE-2001-1084
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Allaire JRun versions 2.3.3 and 3.0
Description
A cross-site scripting issue allows a malicious webmaster to embed JavaScript in a request for a nonexistent file of certain types, including .JSP, .shtml, .jsp10, .jrun, or .thtml. The server then inserts the JavaScript into the error message it returns.
Recommendations
For Allaire JRun version 2.3.3, update to a version that fixes this issue.
For Allaire JRun version 3.0, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the error messages generated by the server to minimize the risk of exploitation.
Affected products
Allaire JRun