cbcvebase.

Macromedia Jrun vulnerabilities

33 known vulnerabilities affecting macromedia/jrun.

Total CVEs
33
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH6MEDIUM22LOW1

Vulnerabilities

Page 2 of 2
CVE-2001-1511P4MEDIUMCVSS 5.0v3.0v3.12001-12-31
CVE-2001-1511 [MEDIUM] CVE-2001-1511: JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
nvd
CVE-2004-1477P4MEDIUMCVSS 4.3v3.0v3.1+1 more2004-12-31
CVE-2004-1477 [MEDIUM] CVE-2004-1477: Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attacke Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
nvd
CVE-2000-0540P4MEDIUMCVSS 5.0v2.32000-06-22
CVE-2000-0540 [MEDIUM] CVE-2000-0540: JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via vi JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
nvd
CVE-2002-1025P4MEDIUMCVSS 5.0v3.0v3.1+1 more2002-10-04
CVE-2002-1025 [MEDIUM] CVE-2002-1025: JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
nvd
CVE-2004-1815P4MEDIUMCVSS 5.0v4.0v4.0_build_616502004-03-15
CVE-2004-1815 [MEDIUM] CVE-2004-1815: Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
nvd
CVE-2002-2186P4MEDIUMCVSS 5.0v3.0v3.1+1 more2002-12-31
CVE-2002-2186 [MEDIUM] CVE-2002-2186: Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via U Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
nvd
CVE-2001-1545P4MEDIUMCVSS 5.0v3.0v3.12001-12-31
CVE-2001-1545 [MEDIUM] CVE-2001-1545: Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client br Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
nvd
CVE-2000-0539P4MEDIUMCVSS 6.4v2.32000-06-22
CVE-2000-0539 [MEDIUM] CVE-2000-0539: Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
nvd
CVE-2000-1049P4MEDIUMCVSS 5.0v3.02000-12-11
CVE-2000-1049 [MEDIUM] CVE-2000-1049: Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
nvd
CVE-2000-1052P4MEDIUMCVSS 5.0v2.3.x2000-12-11
CVE-2000-1052 [MEDIUM] CVE-2000-1052: Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by dire Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
nvd
CVE-2001-0179P4MEDIUMCVSS 5.0v3.02001-05-03
CVE-2001-0179 [MEDIUM] CVE-2001-0179: Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
nvd
CVE-2002-2187P4MEDIUMCVSS 5.0v3.0v3.1+1 more2002-12-31
CVE-2002-2187 [MEDIUM] CVE-2002-2187: Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.
nvd
CVE-2005-2306P4LOWCVSS 3.7v4.02005-07-19
CVE-2005-2306 [LOW] CVE-2005-2306: Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
nvd
Macromedia Jrun vulnerabilities | cvebase