CVE-2000-1050

EPSS 8.2%

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/20313unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=97236316510117&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/5407 http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full http://www.osvdb.org/500