CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 2CVE-2002-0937 – Macromedia JRun 3/4 JSP Engine - Denial of Service
https://notcve.org/view.php?id=CVE-2002-0937
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). • https://www.exploit-db.com/exploits/21536 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html http://www.iss.net/security_center/static/9339.php http://www.securityfocus.com/bid/4997 •
CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 0CVE-2002-0801
https://notcve.org/view.php?id=CVE-2002-0801
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html http://online.securityfocus.com/archive/1/274528 http://online.securityfocus.com/archive/1/274601 http://www.cert.org/advisories/CA-2002-14.html http://www.iss.net/security_center/static/9194.php http://www.kb.cert.org/vuls/id/703835 http://www.osvdb.org/5082 http://www.securityfocus.com/bid/4873 •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2002-0665 – Macromedia JRun 3/4 - Administrative Authentication Bypass
https://notcve.org/view.php?id=CVE-2002-0665
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. Macromedia JRun Administration Server permite a atacantes remotos evitar la autenticación para entrar en el sistema, mediante un caracter '/' extra en la URL. • https://www.exploit-db.com/exploits/21582 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html http://marc.info/?l=bugtraq&m=102529402127195&w=2 http://www.iss.net/security_center/static/9450.php http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 http://www.securityfocus.com/bid/5118 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1512
https://notcve.org/view.php?id=CVE-2001-1512
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. • http://www.iss.net/security_center/static/7677.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22287 http://www.securityfocus.com/bid/3662 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2001-1513
https://notcve.org/view.php?id=CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. • http://www.iss.net/security_center/static/7680.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22260&Method=Full http://www.securityfocus.com/bid/3600 •