Bugtraq mailing list archives

RE: def-2001-32 - Allaire JRun directory browsing vulnerability


From: "George Hedfors" <george.hedfors () defcom com>
Date: Thu, 29 Nov 2001 12:03:57 +0100

That Apache must be running some JRun engine, could you find out which?

Regards, George

-----Original Message-----
From: Felix Huber [mailto:huberfelix () webtopia de]
Sent: 29 November 2001 11:55
To: George Hedfors; bugtraq () securityfocus com
Subject: Re: def-2001-32 - Allaire JRun directory browsing vulnerability


------------------------=[Affected Systems]=--------------------------
Under Windows NT/2000(any service pack) and IIS 4.0/5.0:
- JRun 3.0 (all editions)
- JRun 3.1 (all editions)
----------------------=[Detailed Description]=------------------------
Upon sending a specially formed request to the web server, containing
a '.jsp' extension makes the JRun handle the request. Example:

http://www.victim.com/%3f.jsp

Not only IIS is affected, I found a vulnerable site running Apache 1.3.19 on
Solaris.

A NASL Script is attached to find affected systems.


Best regards
Felix Huber


-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelix () webtopia de     (07668)  951 156 (phone)
http://www.webtopia.de     (07668)  951 157 (fax)
                                         (01792)  205 724 (mobile)
-------------------------------------------------------
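
Added example, not part of the original posts or of the Defcom advisory: a log check that flags the request shape quoted above (a path whose last segment is an encoded '?' followed by '.jsp'), so an administrator can see whether a server has received it regardless of which web server fronts JRun. The Common Log Format input, the sample lines and all function names are constructed for illustration; matching the same segment below other directories is an assumption made for log coverage, not something the posts state.

```python
import re

# Request and status fields of a Common Log Format line: "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Still-encoded path whose final segment is "%3f.jsp" (hex digits in either case)
ENCODED_QMARK_JSP = re.compile(r'(?:^|/)%3f\.jsp$', re.IGNORECASE)

# Constructed sample log lines (documentation address range, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Nov/2001:11:40:02 +0100] "GET /index.jsp HTTP/1.0" 200 5120',
    '192.0.2.77 - - [29/Nov/2001:11:41:15 +0100] "GET /%3f.jsp HTTP/1.0" 200 2048',
    '192.0.2.77 - - [29/Nov/2001:11:41:20 +0100] "GET /docs/%3F.jsp HTTP/1.0" 200 913',
    '192.0.2.10 - - [29/Nov/2001:11:42:00 +0100] "GET /search.jsp?q=%3f.jsp HTTP/1.0" 200 300',
    '192.0.2.31 - - [29/Nov/2001:11:43:09 +0100] "GET /%3f.jsp HTTP/1.0" 404 210',
]


def suspicious_requests(log_lines):
    """Return (client, target, status) for each request matching the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        target = m.group("target")
        # Only a literal "?" starts the query string; an encoded %3f stays
        # inside the path, which is what the quoted request relies on.
        raw_path = target.split("?", 1)[0]
        if ENCODED_QMARK_JSP.search(raw_path):
            client = line.split(" ", 1)[0]
            hits.append((client, target, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        # A 200 means the server answered the request and the response
        # should be reviewed; other codes still record that it was probed.
        note = "review response" if status == 200 else "probe only"
        print(f"{client} {target} -> {status} ({note})")
```
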




