OSVDB ID: 85296

Title: Allaire JRun com.livesoftware.jrun.plugins.ssi.SSIFilter Traversal Arbitrary JSP File Source Disclosure

Info

Disclosure

Oct 23, 2000

Discovery

Unknown

Dates

Exploit

Oct 23, 2000

Solution

Unknown

Description

Allaire JRun contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to com.livesoftware.jrun.plugins.ssi.SSIFilter not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to gain access to a JSP file source.

Classification

Location: Remote / Network Access
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Allaire has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Allaire

JRun

2.3

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85296