Lucene search
HistoryJan 22, 2001 - 5:00 a.m.
CVE-2000-1050
cve-2000-1050
allaire jrun
remote attack
url manipulation
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.015 Low
EPSS
Percentile
86.9%
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra “/” in the beginning of the request (aka the “extra leading slash”).
Affected configurations
Node
macromediajrunMatch3.0
ORmacromediajrunMatch3.0sp1
| CPE | Name | Operator | Version |
|---|---|---|---|
| macromedia:jrun | macromedia jrun | eq | 3.0 |
Related
cvelist
cvelist
CVE-2000-1050
2001-01-22 05:00:00
CVE-2001-1512
2005-07-14 04:00:00
nvd
nvd
CVE-2000-1050
2000-12-11 05:00:00
CVE-2001-1512
2001-12-31 05:00:00
nessus
nessus
Allaire JRun Crafted Request Forced Directory Listing
2001-01-29 00:00:00
cve
cve
CVE-2001-1512
2005-07-14 04:00:00
openvas
openvas
'//WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-02-01 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.015 Low
EPSS
Percentile
86.9%
Related for CVE-2000-1050