Unrated severityNVD Advisory· Published Oct 4, 2002· Updated Jun 16, 2026
CVE-2002-1025
CVE-2002-1025
Description
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
Affected products
4cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
- (no CPE)range: >=3.0 <=4.0
Patches
Vulnerability mechanics
References
6- www.iss.net/security_center/static/9459.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/5134nvdExploitPatchVendor Advisory
- archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.htmlnvd
- online.securityfocus.com/archive/1/280062nvd
- www.macromedia.com/v1/handlers/index.cfmnvd
- www.osvdb.org/5028nvd
News mentions
0No linked articles in our index yet.