Lucene search

[email protected]CVE-2000-1247

HistoryOct 05, 2011 - 2:56 a.m.

CVE-2000-1247

2011-10-0502:56:24

CWE-16

[email protected]

web.nvd.nist.gov

cve-2000-1247

apache jserv

jserv.conf

jdbc passwords

local users

sensitive information.

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an “allow from 127.0.0.1” line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.

Affected configurations

NVD

Node

apachejservMatch1.1.2

CPENameOperatorVersion
apache:jservapache jserveq1.1.2

CPE	Name	Operator	Version
apache:jserv	apache jserv	eq	1.1.2

References

archive.apache.org/dist/java/java.apache.org-www.tar.gz

marc.info/?l=java-apache-users&m=97036799917909&w=2

securityreason.com/securityalert/8412

exchange.xforce.ibmcloud.com/vulnerabilities/51946

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2000-1247

cvelist1 nvd1