PT-2001-2227 · Allaire · Allaire Jrun

Published: 2001-07-02 · Updated: 2017-10-10 · CVE-2001-1084

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Allaire JRun versions 2.3.3 and 3.0

Description

A cross-site scripting issue allows a malicious webmaster to embed JavaScript in a request for a nonexistent file of certain types, including .JSP, .shtml, .jsp10, .jrun, or .thtml. The JavaScript is then inserted into the error message that the server returns.

Recommendations

For Allaire JRun versions 2.3.3 and 3.0, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the error messages generated by the server to minimize the risk of exploitation.


Related Identifiers

CVE-2001-1084

Affected Products

Allaire Jrun