CVE-2000-1053

Allaire JRun 2.3.3 - Remote Code Execution via JSP Servlet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1053. PoCs published by Foundstone Labs.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in JRun that allows arbitrary JSP file execution by prefixing paths with '/servlet/'. This can lead to remote code execution if an attacker can control file content on the server.

Description

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Foundstone Labs · textremotemultiple

https://www.exploit-db.com/exploits/20314

View Code ZIP pw:eip

The exploit describes a directory traversal vulnerability in JRun that allows arbitrary JSP file execution by prefixing paths with '/servlet/'. This can lead to remote code execution if an attacker can control file content on the server.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: JRun (version not specified)

No auth needed

Prerequisites: Knowledge of target file paths · Ability to write JSP code to a file on the server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_allaire

http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=97236125107957&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5406

Scores

EPSS 0.0599

EPSS Percentile 92.4%

Details

Status published

Products (1)

macromedia/jrun 2.3.x

Published Dec 11, 2000

Tracked Since Feb 18, 2026