-------------------------------------------------------------------- Title: Jrun sourcecode Disclosure BUG-ID: 2002026 Released: 01st Jul 2002 -------------------------------------------------------------------- Problem: ======== It is possible for a malicious user to trick the Jrun webserver into disclosing sourcecode. Vulnerable: =========== - Jrun 4.0 on Windows 2000 Server Other versions were not tested! Details: ======== There are several strings that can be attacked to a legitimate request to fool the webserver into serving up the unparsed .jsp file The problem is with the handling of null characters in the request string and one way to trigger it is to append a unicoded null to the valid request string. Vendor URL: =========== You can visit the vendor webpage here: http://www.macromedia.com Vendor Response: ================ This was reported to the vendor on the 17th of May, 2002. On the 27th of June, 2002, the vendor released a cumulative patch for Jrun that includes the patch for this issue. Corrective action: ================== Read the vendors advisory to determine which patch you need: http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 Author: Peter Gründl (pgrundl@kpmg.dk) -------------------------------------------------------------------- KPMG is not responsible for the misuse of the information we provide through our security advisories. These advisories are a service to the professional security community. In no event shall KPMG be lia- ble for any consequences whatsoever arising out of or in connection with the use or spread of this information. --------------------------------------------------------------------
