CVE-2002-1855

3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.8%
top 26.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Macromedia Jrun
Timeline
PublishedDec 31
Latest updateApr 30

Description

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmacromedia/jrun3.0, 3.1, 4.0+2

Patches

Patch: www.iss.netPatch: www.macromedia.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-wrgv-ph75-892c: Macromedia JRun 32022-04-30
CVEList
CVE-2002-1855: Macromedia JRun 32005-06-28
CVE-2002-1855 (MEDIUM CVSS 5) | Macromedia JRun 3.0 through 4.0 | cvebase.io