CVE-2001-1510

Name of the Vulnerable Software and Affected Versions Allaire JRun versions 2.3.3, 3.0, 3.1

Description The issue allows remote attackers to read arbitrary files and directories by appending certain characters to the requested URL, including (1) "%3f.jsp", (2) "?.jsp", or (3) "?".

Recommendations For Allaire JRun versions 2.3.3, 3.0, 3.1, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, consider disabling the ability to append special characters to URLs in the affected web servers. Restrict access to the web server to minimize the risk of exploitation.