CVE-2002-1025 Information

Description

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request which causes the server to send the .JSP file unparsed.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html http://online.securityfocus.com/archive/1/280062 http://www.iss.net/security_center/static/9459.php http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 http://www.osvdb.org/5028 http://www.securityfocus.com/bid/5134