Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1053

5 documents4 sources
Severity
10.0CRITICAL
EPSS
10.4%
top 6.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Macromedia Jrun
Timeline
PublishedDec 11
Latest updateApr 30

Description

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmacromedia/jrun2.3.x

Patches

Patch: www.allaire.comPatch: www.allaire.com

🔴Vulnerability Details

2
GHSA
GHSA-pphx-q2h9-wq89: Allaire JRun 22022-04-30
CVEList
CVE-2000-1053: Allaire JRun 22000-11-29

💥Exploits & PoCs

2
Exploit-DB
Allaire JRun 2.3 - Arbitrary Code Execution2000-10-23
Exploit-DB
Oracle Web Listener 4.0.x - for NT Batch File2000-03-15