Lucene search

[email protected]CVE-2000-0685

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0685

2000-10-2004:00:00

[email protected]

web.nvd.nist.gov

weblogic 5.1.x

pagecompileservlet

java jhtml compilation

remote attack

nvd.

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.039 Low

EPSS

Percentile

92.0%

JSON

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

Affected configurations

NVD

Node

beaweblogic_serverMatch3.1.8

beaweblogic_serverMatch4.0.4

beaweblogic_serverMatch4.5.1

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq3.1.8
bea:weblogic_serverbea weblogic servereq4.0.4
bea:weblogic_serverbea weblogic servereq4.5.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	3.1.8
bea:weblogic_server	bea weblogic server	eq	4.0.4
bea:weblogic_server	bea weblogic server	eq	4.5.1

References

archives.neohapsis.com/archives/bugtraq/2000-07/0434.html

developer.bea.com/alerts/security_000731.html

www.securityfocus.com/bid/1525

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2000-0685

cvelist1 nvd1