CVE-2002-0665

Description

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

Affected products

• macromedia / jrun3.0 – 3.0
• macromedia / jrun3.1 – 3.1
• macromedia / jrun4.0 – 4.0

References

• MISChttp://www.macromedia.com/v1/handlers/index.cfm?ID=23164
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
• MISChttp://www.securityfocus.com/bid/5118
• MAILING_LISThttp://marc.info/?l=bugtraq&m=102529402127195&w=2
• MISChttp://www.iss.net/security_center/static/9450.php