Lucene search

[email protected]CVE-2000-0629

HistoryAug 03, 2000 - 4:00 a.m.

CVE-2000-0629

2000-08-0304:00:00

[email protected]

web.nvd.nist.gov

sun

java

web server

version 2.0

remote upload

command execution

cve

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

Affected configurations

NVD

Node

sunjava_system_web_serverMatch1.1.3

sunjava_system_web_serverMatch2.0

CPENameOperatorVersion
sun:java_system_web_serversun java system web servereq1.1.3
sun:java_system_web_serversun java system web servereq2.0

CPE	Name	Operator	Version
sun:java_system_web_server	sun java system web server	eq	1.1.3
sun:java_system_web_server	sun java system web server	eq	2.0

References

archives.neohapsis.com/archives/bugtraq/2000-07/0163.html

www.securityfocus.com/bid/1459

www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for CVE-2000-0629

nessus1 cvelist1 nvd1