CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 0CVE-2002-0801
https://notcve.org/view.php?id=CVE-2002-0801
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html http://online.securityfocus.com/archive/1/274528 http://online.securityfocus.com/archive/1/274601 http://www.cert.org/advisories/CA-2002-14.html http://www.iss.net/security_center/static/9194.php http://www.kb.cert.org/vuls/id/703835 http://www.osvdb.org/5082 http://www.securityfocus.com/bid/4873 •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2002-0665 – Macromedia JRun 3/4 - Administrative Authentication Bypass
https://notcve.org/view.php?id=CVE-2002-0665
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. Macromedia JRun Administration Server permite a atacantes remotos evitar la autenticación para entrar en el sistema, mediante un caracter '/' extra en la URL. • https://www.exploit-db.com/exploits/21582 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html http://marc.info/?l=bugtraq&m=102529402127195&w=2 http://www.iss.net/security_center/static/9450.php http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 http://www.securityfocus.com/bid/5118 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2001-1513
https://notcve.org/view.php?id=CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. • http://www.iss.net/security_center/static/7680.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22260&Method=Full http://www.securityfocus.com/bid/3600 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2001-1510
https://notcve.org/view.php?id=CVE-2001-1510
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. • http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2 http://online.securityfocus.com/archive/1/243203 http://www.iss.net/security_center/static/7623.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full http://www.securityfocus.com/archive/1/243636 http://www.securityfocus.com/bid/3592 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2001-1511
https://notcve.org/view.php?id=CVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". • http://www.iss.net/security_center/static/7676.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22288&Method=Full •