|
Family: CGI abuses --> Category: infos
Allaire JRun Directory Listing Vulnerability Scan
Vulnerability Scan Summary Make a request like http://www.example.com/./WEB-INF
Detailed Explanation for this Vulnerability Test
Requesting a URL with '/./' prepended to it
makes the remote Allaire Server display the content of
a remote directory, instead of its index.html file.
A possible hacker may use this flaw to download 'hidden' files on
your server.
Solution : upgrade to JRun 3.0sp2
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|