The first vulnerability could allow an attacker to view arbitrary files or directories that are supposed to be hidden, such as the WEB-INF directory. This is accomplished by sending a malformed request which includes an extraneous slash character before the directory name. JRun 3.0 and 3.0 SP1 are vulnerable to this attack.
The second vulnerability could allow an attacker to view arbitrary files. By making a request to the SSIFilter servlet including the "../" string, it is possible to escape from the web root and view any file on the system. JRun 2.3.3 is affected by this vulnerability.
A third vulnerability could allow an attacker to execute arbitrary commands on the server. In order to exploit this vulnerability, there would need to be an application on the server which writes user input to a file on the server. The attacker would need to be able to guess the location of that file. By putting JSP commands in the input to the application, and then executing the resulting file as a JSP page using the JSP servlet, arbitrary code could be executed on the server. JRun 2.3.3 is affected by this vulnerability.