SecurityTracker: Allaire's JRun Java Application Server Lets Remote Users Cause Javascript Code to Be Executed in Another User's Browser

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Macromedia JRun

Vendors: Allaire

Allaire's JRun Java Application Server Lets Remote Users Cause Javascript Code to Be Executed in Another User's Browser

SecurityTracker Alert ID: 1001771

SecurityTracker URL: http://securitytracker.com/id/1001771

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 17 2001

Impact: Execution of arbitrary code via network

Version(s): 3.0 and prior, 3.1

Description: A vulnerability has been reported in Allaire's JRun Java application server and development environment that allows remote users to cause Javascript to be executed by other users.

JRun is reportedly vulnerable to a URL cross-site scripting attack when installed in the default configuration.

The following request will reportedly cause the server to return the specified JavaScript code in the 'File Not Found' reply sent back to the requesting user.

http://[targethost]/test<script>alert('hacked')</script>.jsp

The Javascript code will then be executed by the requesting user.

Impact: A remote user can create a web page or send an HTML-based e-mail message containing a specific URL that, when clicked on by the target user or when automatically fetched via Javascript code, will cause code in the URL to be executed by the target user's browser.

Solution: No vendor solution was available at the time of this entry. The author of the report suggests the following workaround: Reconfigure JRun's default JSP 'file not found' to not include the name of the JSP file that was not found.

Vendor URL: www.allaire.com/Products/JRun/ (Links to External Site)

Cause: Input validation error

Underlying OS: Java, Linux (Red Hat Linux), UNIX (AIX), UNIX (HP/UX), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History: None.

Source Message Contents

Date: Sun, 17 Jun 2001 01:34:27 -0500
Subject: JRun Vulnerability


JRun is vulnerable to a URL cross-site scripting attack when installed 
with default settings. This allows a hacker to trick users into supplying 
information. It can also be used to attack another user.

The request:

http://ajspsite.example.com/test<script>alert('hacked')</script>.jsp

will cause the server to return the JavaScript code in the reply sent back 
to the user, and the client will execute it. Since the JavaScript appears 
as if it is coming from that server the user can be tricked into trusting 
the code that is displayed.

Vulnerable systems:
JRun versions 3.0 and prior
JRun version 3.1

Solution: Reconfigure JRun's default JSP 'file not found' to not include 
the name of the JSP file that was not found.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC