Allaire JRun Web Server Directory Traversal Vulnerability

JRun is a web server implementation distributed by Allaire.

JRun does not correctly handle path identifiers such as the dot-dot-slash (../) sequence, making it possible for a user to escape the web root directory. This vulnerability could be exploited to gather intelligence on a vulnerable host, and could allow a remote user to obtain information such as usernames, system configuration information, or user-owned files that do not have restrictive permissions set.
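The advisory gives no detail of JRun's internals, so the following is an added example, not code from the advisory or from Allaire, of the web-root containment check whose absence allows this class of bug. The document root path, the function name and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/opt/jrun/docroot"  # assumed document root, illustration only


def resolve_under_root(url_path, web_root=WEB_ROOT):
    """Map a request path to a file path under web_root.

    Returns the normalized path, or None if the request would leave the root.
    """
    # Drop the query string, then decode percent-escapes exactly once so that
    # "%2e%2e%2f" is checked in the same form as "../".
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None  # NUL bytes can truncate paths in lower layers
    # Treat backslashes as separators so "..\" is caught as well as "../".
    decoded = decoded.replace("\\", "/")
    root = posixpath.normpath(web_root)
    # Join as a relative path, then collapse "." and ".." segments.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare against root plus a separator: a bare prefix test would accept
    # sibling directories such as "/opt/jrun/docroot-backup".
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # A real server would also resolve symlinks before this comparison.
    return candidate


# Constructed sample requests, not taken from the advisory.
SAMPLE_REQUESTS = [
    "/index.html",
    "/docs/../index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/..\\..\\boot.ini",
    "/docs/../../docroot-backup/site.cfg",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        result = resolve_under_root(req)
        print(f"{req!r:45} -> {result if result else 'REJECTED'}")
```
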


 

Copyright 2010, SecurityFocus