Allaire Security Bulletin (ASB00-15) - JRun 2.3.x includes a number of example applications and sample code that expose security issues. JRun 3.0 addresses the viewsource.jsp issue. Allaire strongly recommends that customers follow the best practice of not installing sample code and documentation on production servers, and removing the sample code and documentation files from production servers and restricting access to those directories where they are installed on workstations.
583cfb90648a70c3c326d209d85aa4bf0da94b52d4569f3b24edec6c712872d5