[23323] in bugtraq
RE: def-2001-32 - Allaire JRun directory browsing vulnerability
daemon@ATHENA.MIT.EDU (George Hedfors)
Thu Nov 29 20:52:59 2001
From: "George Hedfors" <george.hedfors@defcom.com>
To: "Felix Huber" <huberfelix@webtopia.de>,
"BugTraq" <bugtraq@securityfocus.com>
Date: Thu, 29 Nov 2001 12:03:57 +0100
Message-ID: <PKEMKDGKMFGJMOHGPHFPAEBJCAAA.george.hedfors@defcom.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <020401c178c4$3b322630$0205a8c0@athlon>
That Apache must be running some JRun engine, could you find out wich?
Regards, George
-----Original Message-----
From: Felix Huber [mailto:huberfelix@webtopia.de]
Sent: den 29 november 2001 11:55
To: George Hedfors; bugtraq@securityfocus.com
Subject: Re: def-2001-32 - Allaire JRun directory browsing vulnerability
> ------------------------=[Affected Systems]=--------------------------
> Under Windows NT/2000(any service pack) and IIS 4.0/5.0:
> - JRun 3.0 (all editions)
> - JRun 3.1 (all editions)
> ----------------------=[Detailed Description]=------------------------
> Upon sending a specially formed request to the web server, containing
> a '.jsp' extension makes the JRun handle the request. Example:
>
> http://www.victim.com/%3f.jsp
Not only IIS is affected, i found a vulnerable Site running Apache 1.3.19 on
Solaris.
A NASL Script is attached to find affected systems.
MfG
Felix Huber
-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelix@webtopia.de (07668) 951 156 (phone)
http://www.webtopia.de (07668) 951 157 (fax)
(01792) 205 724 (mobile)
-------------------------------------------------------
