VULHUB ™

JRun is a web server implementation distributed by Allaire. JRun does not handle path identifiers correctly, such as the dot-dot-slash (../) identifier, making it possible for a user to escape the web root directory. This vulnerability could be exploited to gather intelligence on a vulnerable host, and could potentially lead to a remote user gaining such information as usernames, system configuration information, or user-owned files that do not have restrictive permissions set.

JRun is a web server implementation distributed by Allaire. JRun does not handle path identifiers correctly, such as the dot-dot-slash (../) identifier, making it possible for a user to escape the web root directory. This vulnerability could be exploited to gather intelligence on a vulnerable host, and could potentially lead to a remote user gaining such information as usernames, system configuration information, or user-owned files that do not have restrictive permissions set.