CVE-2002-0665

Macromedia JRun - Unauthenticated Authentication Bypass via Extra Slash in URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0665. PoCs published by Matt Moore.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Macromedia JRun by appending an extra '/' to the URL, allowing unauthorized access to administrative functions such as shutting down the server.

Description

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Matt Moore · textremotewindows
https://www.exploit-db.com/exploits/21582

This exploit demonstrates an authentication bypass vulnerability in Macromedia JRun by appending an extra '/' to the URL, allowing unauthorized access to administrative functions such as shutting down the server.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Macromedia JRun
No auth needed
Prerequisites: Network access to the JRun server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_confirm
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5118
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102529402127195&w=2
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9450.php

Scores

EPSS 0.1072
EPSS Percentile 95.3%

Details

Status published
Products (3)
macromedia/jrun 3.0
macromedia/jrun 3.1
macromedia/jrun 4.0
Published Jul 11, 2002
Tracked Since Feb 18, 2026