fyi * DISCLOSURE VULNERABILITY IN ALLAIRE JRUN FOR MICROSOFT IIS A vulnerability exists in Allaire's JRun for Microsoft Internet Information Services (IIS) 5.0 and Internet Information Server (IIS) 4.0 that a remote user can exploit to read any file or directory located within the webroot. By appending the request with "%3f.jsp," an attacker can read the webroot files. The vendor, Allaire, released security bulletin MPSB01-13 to address this vulnerability and recommends that affected users immediately turn off directory browsing of the JRun Default Server for two applications: Default Application and Demo Application. The bulletin lists several other steps that Allaire customers should follow to protect themselves from this vulnerability. http://www.secadministrator.com/articles/index.cfm?articleid=23372
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
