CVE-2001-1510 Information

Description

Allaire JRun 2.3.3 3.0 and 3.1 running on IIS 4.0 and 5.0 iPlanet Apache JRun web server (JWS) and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) \3f.jsp\ (2) ?.jsp\ or (3) ?\ to the requested URL.

Reference

http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2 http://online.securityfocus.com/archive/1/243203 http://www.iss.net/security_center/static/7623.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full http://www.securityfocus.com/archive/1/243636 http://www.securityfocus.com/bid/3592