Every CVE whose affected-product data names Macromedia Jrun, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2000-1053 — CVSS 10.0 (critical): Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack…
CVE-2002-0801 — CVSS 10.0 (critical): Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to…
CVE-2002-0665 — CVSS 10.0 (critical): Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
CVE-2004-0646 — CVSS 10.0 (critical): Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for…
CVE-2002-1310 — CVSS 7.5 (high): Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote…
CVE-2001-1513 — CVSS 7.5 (high): Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a…
CVE-2001-1084 — CVSS 7.5 (high): Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP…
CVE-2005-4472 — CVSS 7.5 (high): Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly…
CVE-2004-2182 — CVSS 7.5 (high): Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID…
CVE-2004-1478 — CVSS 7.5 (high): JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and…
CVE-2000-0539 — CVSS 6.4 (medium): Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the…
CVE-2001-1512 — CVSS 6.4 (medium): Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute…
CVE-2001-1511 — CVSS 5.0 (medium): JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via…
CVE-2001-1510 — CVSS 5.0 (medium): Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows…
CVE-2001-1544 — CVSS 5.0 (medium): Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files…
CVE-2001-1545 — CVSS 5.0 (medium): Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which…
CVE-2001-0926 — CVSS 5.0 (medium): SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in…
CVE-2001-0179 — CVSS 5.0 (medium): Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a…
CVE-2002-0937 — CVSS 5.0 (medium): The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP…
CVE-2002-1025 — CVSS 5.0 (medium): JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the…
CVE-2000-1052 — CVSS 5.0 (medium): Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
CVE-2002-1855 — CVSS 5.0 (medium): Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which…
CVE-2002-2186 — CVSS 5.0 (medium): Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a…
CVE-2002-2187 — CVSS 5.0 (medium): Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.
CVE-2000-1051 — CVSS 5.0 (medium): Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
CVE-2004-0928 — CVSS 5.0 (medium): The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass…
CVE-2000-0540 — CVSS 5.0 (medium): JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration…
CVE-2005-4473 — CVSS 5.0 (medium): Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a…
CVE-2000-1050 — CVSS 5.0 (medium): Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an…
CVE-2004-1815 — CVSS 5.0 (medium): Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument…
CVE-2000-1049 — CVSS 5.0 (medium): Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "."…
CVE-2004-1477 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or…
CVE-2005-2306 — CVSS 3.7 (low): Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication…