CVE-2001-0926

Name of the Vulnerable Software and Affected Versions Allaire JRun versions 2.3.3, 3.0, 3.1

Description The issue allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page. This is achieved by including an #include statement in the request's body.

Recommendations For Allaire JRun versions 2.3.3, 3.0, 3.1, consider restricting access to the SSIFilter to minimize the risk of exploitation. As a temporary workaround, avoid using the #include statement in SSI pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.