GCVE - cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*

part: a version: 2.3.3 update: *

Vendor	Macromedia (`f00ebe2b-9d72-52ca-9cf0-be998a2cdfa0`)
Product	Jrun (`c88cb03c-3324-5ec7-8f39-0771607213fb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2001-1544`	vulnerable	2026-06-03 14:26:12.897117	Details available Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. Published: 2005-07-14T04:00:00.000Z Updated: 2024-09-17T00:46:30.359Z Open on db.gcve.eu Reference links http://www.macromedia.com/v1/handlers/index.cfm?ID=22290&Method=Full http://www.iss.net/security_center/static/7678.php http://www.securityfocus.com/bid/3666	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1510`	vulnerable	2026-06-03 14:26:12.831886	Details available Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. Published: 2005-07-14T04:00:00.000Z Updated: 2024-09-16T17:48:06.106Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/7623.php http://www.securityfocus.com/bid/3592 http://www.securityfocus.com/archive/1/243636 http://online.securityfocus.com/archive/1/243203 http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1084`	vulnerable	2026-06-03 14:26:02.920672	Details available Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. Published: 2002-06-25T04:00:00.000Z Updated: 2024-08-08T04:44:07.480Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/6793 http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full http://www.osvdb.org/1891 http://www.securityfocus.com/bid/2983	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-0926`	vulnerable	2026-06-03 14:26:02.566383	Details available SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. Published: 2002-02-02T05:00:00.000Z Updated: 2024-08-08T04:37:06.837Z Open on db.gcve.eu Reference links http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full http://marc.info/?l=bugtraq&m=100697797325013&w=2 http://www.securityfocus.com/bid/3589 https://exchange.xforce.ibmcloud.com/vulnerabilities/7622	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.