CVE-2000-0629 - The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to exec

CVE-2000-0629

Summary

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

References

Vulnerable Configurations

cpe:2.3:a:sun:java_system_web_server:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:2.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1459
bugtraq	20000711 Sun's Java Web Server remote command execution vulnerability
misc	http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

Last major update

10-09-2008 - 19:05

Published

12-07-2000 - 04:00

Last modified

10-09-2008 - 19:05