Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2000-0684
Last Modified 10 Sep 2008 03:05:37
Published 20 Oct 2000 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0684

Summary

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Vulnerable Systems

Application

  • BEA WebLogic Server 3.1.8
  • BEA WebLogic Server 4.0.4
  • BEA WebLogic Server 4.5.1


References

BID - 1525

BUGTRAQ - 20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution

CONFIRM - http://developer.bea.com/alerts/security_000731.html


Last Updated: 27 May 2016 10:35:50