CVE-2001-0926
First published: Wed Nov 28 2001(Updated: )
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe JRun | =3.1 | |
| Adobe JRun | =2.3.3 | |
| Adobe JRun | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0926?
CVE-2001-0926 is considered a high severity vulnerability due to the potential exposure of sensitive source code.
How do I fix CVE-2001-0926?
To fix CVE-2001-0926, upgrade to a version of Allaire JRun that does not exhibit this vulnerability.
What does CVE-2001-0926 allow attackers to do?
CVE-2001-0926 allows remote attackers to access the source code for JSP files and other files in the web root.
Which versions of Allaire JRun are affected by CVE-2001-0926?
CVE-2001-0926 affects Allaire JRun versions 2.3.3, 3.0, and 3.1.
How can I determine if my system is vulnerable to CVE-2001-0926?
You can determine if your system is vulnerable to CVE-2001-0926 by checking the version of Allaire JRun you are running and testing for unauthorized access to JSP files.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/macromedia
- canonical/adobe jrun
- version/adobe jrun/3.1
- version/adobe jrun/2.3.3
- version/adobe jrun/3.0