| Vulnerability Name: | CVE-2000-0812 (CCN-5135) | ||||||||
| Assigned: | 2000-08-22 | ||||||||
| Published: | 2000-08-22 | ||||||||
| Updated: | 2017-12-19 | ||||||||
| Summary: | The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Sun Microsystems, Inc. Security Bulletin #00197 Java Web Server Source: MITRE Type: CNA CVE-2000-0629 Source: MITRE Type: CNA CVE-2000-0812 Source: SUN Type: Patch, Vendor Advisory 00197 Source: CCN Type: CIAC Information Bulletin L-033 Sun Java Web Server Vulnerability Source: CCN Type: Foundstone Security Advisory FS-082200-11-JWS Sun's Java Web Server Remote Command Execution on Admin Server Source: CCN Type: OSVDB ID: 10880 Sun Java Web Server com.sun.server.http.pagecompile.jsp92.JspServlet Arbitrary Code Execution Source: CCN Type: OSVDB ID: 406 Sun Java Web Server bboard Servlet Command Execution Source: CCN Type: BID-1459 Sun Java Web Server Vulnerability Source: BID Type: UNKNOWN 1600 Source: CCN Type: BID-1600 Sun Java Web Server Web Admin / Bullettin Board Vulnerability Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.securityfocus.com/templates/advisory.html?id=2542 Source: CCN Type: Sun FAQ page Java Web Server: CERT Advisory CA-2000-02 Source: XF Type: UNKNOWN sunjava-webadmin-bbs(5135) Source: XF Type: UNKNOWN sunjava-webadmin-bbs(5135) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||