Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Peter Gründl (pgrundlkpmg.dk)
Date: Mon Jul 01 2002 - 02:17:51 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


    Title: Jrun sourcecode Disclosure

    BUG-ID: 2002026
    Released: 01st Jul 2002

    It is possible for a malicious user to trick the Jrun webserver into
    disclosing sourcecode.

    - Jrun 4.0 on Windows 2000 Server

    Other versions were not tested!

    There are several strings that can be attacked to a legitimate
    request to fool the webserver into serving up the unparsed .jsp file
    The problem is with the handling of null characters in the request
    string and one way to trigger it is to append a unicoded null to
    the valid request string.

    Vendor URL:
    You can visit the vendor webpage here: http://www.macromedia.com

    Vendor Response:
    This was reported to the vendor on the 17th of May, 2002. On the
    27th of June, 2002, the vendor released a cumulative patch for
    Jrun that includes the patch for this issue.

    Corrective action:
    Read the vendors advisory to determine which patch you need:


    Author: Peter Gründl (pgrundlkpmg.dk)

    KPMG is not responsible for the misuse of the information we provide
    through our security advisories. These advisories are a service to
    the professional security community. In no event shall KPMG be lia-
    ble for any consequences whatsoever arising out of or in connection
    with the use or spread of this information.