Vulnerability Description
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Jrun | 2.3.x |
References
- http://marc.info/?l=bugtraq&m=97236125107957&w=2
- http://www.allaire.com/handlers/index.cfm?ID=17969&Method=FullPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5406
- http://marc.info/?l=bugtraq&m=97236125107957&w=2
- http://www.allaire.com/handlers/index.cfm?ID=17969&Method=FullPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5406
FAQ
What is CVE-2000-1053?
CVE-2000-1053 is a vulnerability with a CVSS score of 10.0 (HIGH). Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP...
How severe is CVE-2000-1053?
CVE-2000-1053 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1053?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Jrun.