JRun Sample Files Network Vulnerability

Summary

This host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information.

Solution

Sample files should never be left on production servers. Remove the sample files and any other files that are not required.

Severity

Classification

CVE CVE-2000-0539

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

IIS Possible Compromise
F-Secure Products Security Bypass Vulnerability (Linux)
F-Secure Products Malware Detection Bypass Vulnerability (Win)
SMTP server on a strange port
JRun Sample Files

Take action and discover your vulnerabilities