PT-2000-1962 · Allaire · Jrun

Published

2000-12-11

Updated

2017-12-19

CVE-2000-1053

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Allaire JRun version 2.3.3

Description The issue allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

Recommendations For Allaire JRun version 2.3.3, consider restricting access to the com.livesoftware.jrun.plugins.JSP JSP servlet to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1053

Affected Products

Jrun

PT-2000-1962 · Allaire · Jrun

CVE-2000-1053

Related Identifiers

Affected Products

References · 5