CVE-2001-1544

Description

Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.

Affected products

• macromedia / jrun2.3.3 – 2.3.3
• macromedia / jrun3.0 – 3.0
• macromedia / jrun3.1 – 3.1

References

• MISChttp://www.macromedia.com/v1/handlers/index.cfm?ID=22290&Method=Full
• MISChttp://www.iss.net/security_center/static/7678.php
• MISChttp://www.securityfocus.com/bid/3666