SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
About the Archives
Want to learn about the SecurityTracker archives? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Generic)  >  JRun Vendors:  Allaire
Allaire's JRun Java Application Server Lets Remote Users Cause Javascript Code to Be Executed in Another User's Browser
Date:  Jun 17 2001 19:20 (UTC/GMT)
Impact:  Execution of arbitrary code via network
Version(s): 3.0 and prior, 3.1
Description:  A vulnerability has been reported in Allaire's JRun Java application server and development environment that allows remote users to cause Javascript to be executed by other users.

JRun is reportedly vulnerable to a URL cross-site scripting attack when installed in the default configuration.

The following request will reportedly cause the server to return the specified JavaScript code in the 'File Not Found' reply sent back to the requesting user.

http://[targethost]/test<script>alert('hacked')</script>.jsp

The Javascript code will then be executed by the requesting user.
Impact:  A remote user can create a web page or send an HTML-based e-mail message containing a specific URL that, when clicked on by the target user or when automatically fetched via Javascript code, will cause code in the URL to be executed by the target user's browser.
Solution:  No vendor solution was available at the time of this entry. The author of the report suggests the following workaround: Reconfigure JRun's default JSP 'file not found' to not include the name of the JSP file that was not found.
Vendor URL:  www.allaire.com/Products/JRun/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Java, Linux (Red Hat), UNIX (AIX), UNIX (HP/UX), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), Unix (Tru64), Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
Reported By:  Paul Brereton <paul.b@reallyfirst.com>
Message History:   None.

 Source Message Contents
Date:  Sun, 17 Jun 2001 01:34:27 -0500
From:  Paul Brereton <paul.b@reallyfirst.com>
Subject:  JRun Vulnerability

 

JRun is vulnerable to a URL cross-site scripting attack when installed 
with default settings. This allows a hacker to trick users into supplying 
information. It can also be used to attack another user.

The request:

http://ajspsite.example.com/test<script>alert('hacked')</script>.jsp

will cause the server to return the JavaScript code in the reply sent back 
to the user, and the client will execute it. Since the JavaScript appears 
as if it is coming from that server the user can be tricked into trusting 
the code that is displayed.

Vulnerable systems:
JRun versions 3.0 and prior
JRun version 3.1

Solution: Reconfigure JRun's default JSP 'file not found' to not include 
the name of the JSP file that was not found.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2001, SecurityGlobal.net LLC