漏洞类别:Web server漏洞等级: 
漏洞信息
Allaire JRun Version 3.0 HTTP servlet server allows remote users to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
漏洞危害
By exploiting this vulnerability, a remote unauthorized user could gain sensitive information contained in the WEB-INF directory.
解决方案
Download the latest version of JRun from Allaire's Web site.
0day
文章评论