Vulnerability Description
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Jrun | 3.0 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
- http://online.securityfocus.com/archive/1/280062
- http://www.iss.net/security_center/static/9459.phpPatchVendor Advisory
- http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
- http://www.osvdb.org/5028
- http://www.securityfocus.com/bid/5134ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
- http://online.securityfocus.com/archive/1/280062
- http://www.iss.net/security_center/static/9459.phpPatchVendor Advisory
- http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
- http://www.osvdb.org/5028
- http://www.securityfocus.com/bid/5134ExploitPatchVendor Advisory
FAQ
What is CVE-2002-1025?
CVE-2002-1025 is a vulnerability with a CVSS score of 5.0 (MEDIUM). JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
How severe is CVE-2002-1025?
CVE-2002-1025 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1025?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Jrun.