CVE-2002-0937 – Macromedia JRun 3/4 JSP Engine - Denial of Service
https://notcve.org/view.php?id=CVE-2002-0937
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). • https://www.exploit-db.com/exploits/21536 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html http://www.iss.net/security_center/static/9339.php http://www.securityfocus.com/bid/4997 •
CVE-2002-0801
https://notcve.org/view.php?id=CVE-2002-0801
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html http://online.securityfocus.com/archive/1/274528 http://online.securityfocus.com/archive/1/274601 http://www.cert.org/advisories/CA-2002-14.html http://www.iss.net/security_center/static/9194.php http://www.kb.cert.org/vuls/id/703835 http://www.osvdb.org/5082 http://www.securityfocus.com/bid/4873 •
CVE-2002-0665 – Macromedia JRun 3/4 - Administrative Authentication Bypass
https://notcve.org/view.php?id=CVE-2002-0665
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. Macromedia JRun Administration Server permite a atacantes remotos evitar la autenticación para entrar en el sistema, mediante un caracter '/' extra en la URL. • https://www.exploit-db.com/exploits/21582 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html http://marc.info/?l=bugtraq&m=102529402127195&w=2 http://www.iss.net/security_center/static/9450.php http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 http://www.securityfocus.com/bid/5118 •
CVE-2001-1510
https://notcve.org/view.php?id=CVE-2001-1510
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. • http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2 http://online.securityfocus.com/archive/1/243203 http://www.iss.net/security_center/static/7623.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full http://www.securityfocus.com/archive/1/243636 http://www.securityfocus.com/bid/3592 •
CVE-2001-1545
https://notcve.org/view.php?id=CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. • http://www.iss.net/security_center/static/7679.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full http://www.securityfocus.com/bid/3665 •