System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Hw to remove Jrun Sample files

 
SOLVED
Go to solution
sujeet joshi
Frequent Advisor

Hw to remove Jrun Sample files

Hi,

Can anybody tell me how to remove sample installed files in hpux 11iv1.

Some hosts are running the Allaire Jrun web server and has sample files installed.
CGI allows an attacker to download any file from the remote host, with the privileges of the web server.

Ref:
CVE-2000-0539, CVE-2000-0540


Best Regards,
Sujeet
1 REPLY
Matti_Kurkela
Honored Contributor
Solution

Re: Hw to remove Jrun Sample files

By just a bit of Googling using the "CVE-2000-0539":

http://www.iss.net/security_center/reference/vuln/allaire-jrun-read-sample-files.htm

-----
Remedy:

Apply Allaire JRun 2.3.3 Maintenance Patch Build 158, available from the Allaire Web site. See References.

â AND â

Remove all sample code, example applications, tutorials and documentation from production servers. JRun 2.3.x examples are installed in the JRUN_HOME/servlets directory and the JRUN_HOME/jsm-default/services/jws/htdocs directory. Remove all files placed in these directories by the JRun installation. As a rule, sample code and example applications should not be installed on production servers.
-----

I think you can just use the "rm" to remove the files, no special procedures required. But if any components of the production application(s) is placed into those directories, it may be... challenging... to identify the example files.

Allaire seems to be acquired by Macromedia, which is now owned by Adobe. After those migrations, any Web links to Allaire's support documents seem to be broken.

As the CVE code indicates, this security bug was reported in year 2000, which makes it about 9 years old now. It is said "better late than never"; but I would say this is *very* late.

MK
MK