Short Name |
HTTP:MISC:JRUN-WEB-INF |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Allaire JRun WEB INF Directory Unauthenticated Access |
Release Date |
2016/11/29 |
Update Number |
2807 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an attempt to exploit a known vulnerability against Allaire JRun. Successful exploitation could allow remote attackers to directly access the WEB-INF directory.
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").