Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2000-1247
Last Modified: 13 Feb 2012 09:07:17
Published: 04 Oct 2011 10:56:24
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2000-1247

Summary

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.

Vulnerable Systems

Application

  • Apache JServ 1.1.2


References

CONFIRM - http://archive.apache.org/dist/java/java.apache.org-www.tar.gz

XF - apache-jserv-env-information-disclosure(51946)

MLIST - [java-apache-users] 20000929 jserv wrapper error

SREASON - 8412


Last Updated: 27 May 2016 10:57:24