CVE-2002-1025
First published: Fri Oct 04 2002(Updated: )
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe JRun | =3.0 | |
| Adobe JRun | =3.1 | |
| Adobe JRun | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1025?
CVE-2002-1025 is considered a medium severity vulnerability due to its potential to expose sensitive JSP source code.
How do I fix CVE-2002-1025?
To fix CVE-2002-1025, it is recommended to upgrade to a version of JRun that is not affected, such as any version later than 4.0.
What versions are affected by CVE-2002-1025?
CVE-2002-1025 affects Macromedia JRun versions 3.0, 3.1, and 4.0.
Can CVE-2002-1025 be exploited remotely?
Yes, CVE-2002-1025 can be exploited remotely by attackers which allows them to read JSP files.
What type of attacks does CVE-2002-1025 enable?
CVE-2002-1025 enables attackers to access unparsed JSP source code, potentially revealing sensitive information.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/macromedia
- canonical/adobe jrun
- version/adobe jrun/3.0
- version/adobe jrun/3.1
- version/adobe jrun/4.0