CVE-2002-1025

3 documents3 sources
Severity
5.0MEDIUM
EPSS
1.8%
top 17.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Macromedia Jrun
Timeline
PublishedOct 4
Latest updateApr 30

Description

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmacromedia/jrun3.0, 3.1, 4.0+2

Patches

Patch: www.iss.netPatch: www.securityfocus.comPatch: www.iss.net

🔴Vulnerability Details

2
GHSA
GHSA-4jfh-2hwx-hrmr: JRun 32022-04-30
CVEList
CVE-2002-1025: JRun 32003-04-02
CVE-2002-1025 (MEDIUM CVSS 5) | JRun 3.0 through 4.0 allows remote | cvebase.io