Test ID: 1.3.6.1.4.1.25623.1.0.10814
Category: Web Servers
Title: Allaire/Macromedia JRun Directory Browsing Vulnerability (MPSB01-13) - Active Check

Summary: Allaire JRun 3.0/3.1 running under Microsoft IIS 4.0/5.0 mishandles malformed URLs. This allows a remote user to browse the file system under the web root (normally \inetpub\wwwroot).

Description:

Vulnerability Insight: A specially formed request whose path ends in a '.jsp' extension is handed by IIS to JRun, which then handles it incorrectly. Example:

http://example.com/%3f.jsp

(%3f is the URL-encoded form of '?', so the path JRun receives is '?.jsp' rather than the name of a real file.)

Vulnerability Impact: Anyone with remote access to the web server can list the web root and any directory within it.

Affected Software/OS: Under Windows NT/2000 (any service pack) and IIS 4.0/5.0:
- JRun 3.0 (all editions)
- JRun 3.1 (all editions)

Solution: From Macromedia Product Security Bulletin MPSB01-13. Macromedia recommends, as a best practice, turning off directory browsing for the JRun Default Server in the following applications:
- Default Application (the application with the '/' mapping that causes the security problem)
- Demo Application

Also make sure any newly created web application that uses the '/' mapping has directory browsing off.

Changes to make in the JRun Management Console (JMC):
- JRun Default Server / Web Applications / Default User Application / File Settings / Directory Browsing Allowed: set to FALSE.
- JRun Default Server / Web Applications / JRun Demo / File Settings / Directory Browsing Allowed: set to FALSE.

Restart the servers after making the changes; the %3f.jsp request should then return a 403 Forbidden. When the underlying bug is fixed, the request should return a 404 Not Found regardless of the directory browsing setting. Disabling directory browsing therefore mitigates the listing but does not remove the malformed-URL handling defect itself; a 403 means the workaround is in place, a 404 means JRun has been fixed.

The directory browsing property is called file.browsedirs. Changing it via the JMC writes:
- JRun 3.0: file.browsedirs=false in local.properties (server-wide change)
- JRun 3.1: file.browsedirs=false in the application's webapp.properties (per-application change)

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref:
- CVE ID: CVE-2001-1510
- Allaire Security Bulletin: MPSB01-13, http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full
- BugTraq ID: 3592, http://www.securityfocus.com/bid/3592
- Bugtraq: 20011128 def-2001-32, http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2
- Bugtraq: 20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability, http://online.securityfocus.com/archive/1/243203
- Bugtraq: 20011203 Allaire JRun ACL bypassing/soure disclosure vulnerability, http://www.securityfocus.com/archive/1/243636
- ISS: http://www.iss.net/security_center/static/7623.php

Copyright: Copyright (C) 2005 Felix Huber
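The active check the title refers to, as an added example that is not the original test script and not code from Macromedia or JRun: it sends the bulletin's probe path and classifies the reply into the three outcomes the Solution section describes (listing returned, 403 after the workaround, 404 once fixed). The directory-listing markers, the sample responses and the check_host helper are constructed assumptions for illustration, not taken from the bulletin.

```python
import http.client
import re

# Probe from MPSB01-13: "%3f" is the URL-encoded '?', and the trailing ".jsp"
# makes IIS hand the request to JRun. On unfixed JRun 3.0/3.1 with directory
# browsing enabled the reply is a listing of the web root.
PROBE_PATH = "/%3f.jsp"

# Heuristic markers for a directory-listing body. These are assumptions about
# what a listing looks like, not text taken from the bulletin or from JRun.
LISTING_MARKERS = (
    re.compile(rb"<title>\s*(index of|directory listing)", re.I),
    re.compile(rb"parent directory", re.I),
    re.compile(rb'href="[^":]+/"', re.I),   # relative link ending in '/'
)


def build_probe_request(host: str) -> bytes:
    """Raw HTTP/1.0 request; %3f is sent literally, never decoded to '?'."""
    return (
        f"GET {PROBE_PATH} HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def looks_like_listing(body: bytes) -> bool:
    """True if any listing marker appears in the response body."""
    return any(m.search(body) for m in LISTING_MARKERS)


def classify_response(status: int, body: bytes) -> str:
    """Map the reply to the outcomes described in the Solution section.

    200 with a listing body -> "vulnerable"        (bug present, browsing on)
    403                     -> "browsing-disabled" (bug present, browsing off)
    404                     -> "fixed"             (patched JRun, any setting)
    anything else           -> "unknown"           (not JRun, or inconclusive)
    """
    if status == 200 and looks_like_listing(body):
        return "vulnerable"
    if status == 403:
        return "browsing-disabled"
    if status == 404:
        return "fixed"
    return "unknown"


def check_host(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the probe to a live host (network I/O) and classify the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # http.client sends the path verbatim, so the %3f reaches the server.
        conn.request("GET", PROBE_PATH, headers={"Host": host})
        resp = conn.getresponse()
        return classify_response(resp.status, resp.read(65536))
    finally:
        conn.close()


# Constructed sample replies for offline use; not captured from a real server.
SAMPLE_LISTING = (
    b"<html><head><title>Index of /</title></head><body>\n"
    b'<a href="../">Parent Directory</a><br>\n'
    b'<a href="WEB-INF/">WEB-INF/</a><br>\n'
    b'<a href="index.jsp">index.jsp</a>\n'
    b"</body></html>"
)
SAMPLE_FORBIDDEN = b"<html><body><h1>403 Forbidden</h1></body></html>"
SAMPLE_NOT_FOUND = b"<html><body><h1>404 Not Found</h1></body></html>"
SAMPLE_HOMEPAGE = (
    b"<html><head><title>Welcome</title></head><body>"
    b'<a href="http://example.com/">home</a></body></html>'
)

if __name__ == "__main__":
    for status, body in ((200, SAMPLE_LISTING), (403, SAMPLE_FORBIDDEN),
                         (404, SAMPLE_NOT_FOUND), (200, SAMPLE_HOMEPAGE)):
        print(status, classify_response(status, body))
```

A 200 without listing markers is deliberately reported as "unknown" rather than "fixed": a site that serves a custom page for every unmatched path would otherwise mask a vulnerable JRun behind it, so only a 404 is taken as evidence that the bug has been patched.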