Vulnerability Assessment & Network Security Forums
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
Vulnerability Assessment Details
Allaire JRun directory browsing vulnerability
Detailed Explanation for this Vulnerability Assessment
Allaire JRun 3.0/3.1 under a Microsoft IIS 4.0/5.0 platform has a
problem handling malformed URLs. This permits a remote user to browse
the file system under the web root (normally \inetpub\wwwroot).
Under Windows NT/2000(any service pack) and IIS 4.0/5.0:
- JRun 3.0 (all editions)
- JRun 3.1 (all editions)
Upon sending a specially formed request to the web server, containing
a '.jsp' extension makes the JRun handle the request. Example:
This vulnerability permits anyone with remote access to the web server
to browse it and any directory within the web root.
>From Macromedia Product Security Bulletin (MPSB01-13)
Macromedia recommends, as a best practice, turning off directory
browsing for the JRun Default Server in the following applications:
- Default Application (the application with '/' mapping that causes
the security problem)
- Demo Application
Also, make sure any newly created web application that uses the '/'
mapping has directory browsing off.
The changes that need to be made in the JRun Management Console or JMC:
- JRun Default Server/Web Applications/Default User Application/File
Settings/Directory Browsing Allowed set to FALSE.
- JRun Default Server/Web Applications/JRun Demo/File Settings/
Directory Browsing Allowed set to FALSE.
Restart the servers after making the changes and the %3f.jsp request
should now return a 403 forbidden. When this bug is fixed, the request
(regardless of directory browsing setting) should return a '404 page
The directory browsing property is called [file.browsedirs]. Changing
the property via the JMC will cause the following changes:
JRun 3.0 will write [file.browsedirs=false] in the local.properties
file. (server-wide change)
JRun 3.1 will write [file.browsedirs=false] in the webapp.properties
of the application.
Network Security Threat Level: Medium
Networks Security ID: 3592
Vulnerability Assessment Copyright: This script is Copyright (C) 2001 Felix Huber
|Dell R720 Dual E5-2680 v2 10C 2.8GHz 256GB 2x 146GB SAS H710 8 Bay 2.5in
|Dell PowerEdge R720 Server Dual E5-2690 v2 10C 3.0GHz 128GB 4x 1TB SAS 3.5in 8B
|Dell R720 Dual E5-2680 v2 10C 2.8GHz 64GB 2x 300GB SAS H710 8 Bay 2.5in
|HP Z600 Workstation Intel Xeon 8 Core 2.93GHz 48GB RAM SSD HD NVIDIA Win 10 Pro
No Discussions have been posted on this vulnerability.