CVE-2002-1025

Опубликовано: 04 окт. 2002

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.

Ссылки

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
http://online.securityfocus.com/archive/1/280062
http://www.iss.net/security_center/static/9459.php
Patch
Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://www.osvdb.org/5028
http://www.securityfocus.com/bid/5134
Exploit
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
http://online.securityfocus.com/archive/1/280062
http://www.iss.net/security_center/static/9459.php
Patch
Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://www.osvdb.org/5028
http://www.securityfocus.com/bid/5134
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00773

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-4jfh-2hwx-hrmr

github

больше 3 лет назад