Hi folks - regarding this vulnerability - I am researching Macromedia's new product, Sitespring, which is based on the JRun Server. Would this vulnerability affect it and any other applications that are sold based on the JRun Server?
regards, Edward Apostol instructor, developer, e-commerce, wireless and new media Toronto, ON Canada ----- Original Message ----- From: "Haseltine, Celeste" <[EMAIL PROTECTED]> To: "JRun-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, December 05, 2001 10:49 AM Subject: RE: security alert, IIS and Jrun vulnerability > Tom, > > Thanks for letting everyone on the jrun-talk group know. > > Celeste > > -----Original Message----- > From: Tom Duffy [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 05, 2001 8:21 AM > To: JRun-Talk > Subject: security alert, IIS and Jrun vulnerability > > > fyi > > * DISCLOSURE VULNERABILITY IN ALLAIRE JRUN FOR MICROSOFT IIS > A vulnerability exists in Allaire's JRun for Microsoft Internet > Information Services (IIS) 5.0 and Internet Information Server (IIS) > 4.0 that a remote user can exploit to read any file or directory > located within the webroot. By appending the request with "%3f.jsp," an > attacker can read the webroot files. > The vendor, Allaire, released security bulletin MPSB01-13 to address > this vulnerability and recommends that affected users immediately turn > off directory browsing of the JRun Default Server for two applications: > Default Application and Demo Application. The bulletin lists several > other steps that Allaire customers should follow to protect themselves > from this vulnerability. > http://www.secadministrator.com/articles/index.cfm?articleid=23372 > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
