{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) \"%3f.jsp\", (2) \"?.jsp\" or (3) \"?\" to the requested URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-07-14T04:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "allaire-jrun-view-directory(7623)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7623.php"}, {"name": "3592", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3592"}, {"name": "20011203 Allaire JRun ACL bypassing/soure disclosure vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/243636"}, {"name": "20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/243203"}, {"name": "20011128 def-2001-32", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2"}, {"name": "MPSB01-13", "tags": ["vendor-advisory", "x_refsource_ALLAIRE"], "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1510", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) \"%3f.jsp\", (2) \"?.jsp\" or (3) \"?\" to the requested URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "allaire-jrun-view-directory(7623)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7623.php"}, {"name": "3592", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3592"}, {"name": "20011203 Allaire JRun ACL bypassing/soure disclosure vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/243636"}, {"name": "20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/243203"}, {"name": "20011128 def-2001-32", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2"}, {"name": "MPSB01-13", "refsource": "ALLAIRE", "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:58:11.631Z"}, "title": "CVE Program Container", "references": [{"name": "allaire-jrun-view-directory(7623)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7623.php"}, {"name": "3592", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3592"}, {"name": "20011203 Allaire JRun ACL bypassing/soure disclosure vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/243636"}, {"name": "20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/243203"}, {"name": "20011128 def-2001-32", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2"}, {"name": "MPSB01-13", "tags": ["vendor-advisory", "x_refsource_ALLAIRE", "x_transferred"], "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1510", "datePublished": "2005-07-14T04:00:00.000Z", "dateReserved": "2005-07-14T00:00:00.000Z", "dateUpdated": "2024-09-16T17:48:06.106Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:macromedia:jrun:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA955BB7-2B8A-4534-A0F6-AEBD6875EB12", "vulnerable": true}, {"criteria": "cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "96D6C1D6-F9AF-4CF0-9F80-AB2C20C7615C", "vulnerable": true}, {"criteria": "cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "462BA0C4-D941-4C58-86DF-BF76663723F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) \"%3f.jsp\", (2) \"?.jsp\" or (3) \"?\" to the requested URL."}], "id": "CVE-2001-1510", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2"}, {"source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/243203"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.iss.net/security_center/static/7623.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/243636"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/243203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.iss.net/security_center/static/7623.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/243636"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3592"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}