Lucene search

MitreCVE-2000-0684

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0684

2000-10-2004:00:00

mitre

web.nvd.nist.gov

bea weblogic

cve-2000-0684

java jsp code

remote code execution

security flaw.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Affected configurations

Nvd

Node

beaweblogic_serverMatch3.1.8

beaweblogic_serverMatch4.0.4

beaweblogic_serverMatch4.5.1

VendorProductVersionCPE
beaweblogic_server3.1.8cpe:2.3:a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*
beaweblogic_server4.0.4cpe:2.3:a:bea:weblogic_server:4.0.4:*:*:*:*:*:*:*
beaweblogic_server4.5.1cpe:2.3:a:bea:weblogic_server:4.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bea	weblogic_server	3.1.8	cpe:2.3:a:bea:weblogic_server:3.1.8:::::::*
bea	weblogic_server	4.0.4	cpe:2.3:a:bea:weblogic_server:4.0.4:::::::*
bea	weblogic_server	4.5.1	cpe:2.3:a:bea:weblogic_server:4.5.1:::::::*

References

archives.neohapsis.com/archives/bugtraq/2000-07/0434.html

developer.bea.com/alerts/security_000731.html

www.securityfocus.com/bid/1525

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for CVE-2000-0684