Lucene search
K

65 matches found

Exploit DB
Exploit DB
added 2002/05/22 12:0 a.m.32 views

NewAtlanta ServletExec/ISAPI 4.1 JSPServlet - Denial of Service

// source: https://www.securityfocus.com/bid/4796/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. A denial of service condition occurs when the JSPServlet is sent an overly long request either directly or via...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/05/22 12:0 a.m.33 views

NewAtlanta ServletExec/ISAPI 4.1 - Full Path Disclosure

source: https://www.securityfocus.com/bid/4793/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI discloses the absolute path to the webroot directory when sent a specially formatted request...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.23 views

CVE-2000-0498

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...

7.5AI score0.02261EPSS
Exploits0References3
CVE
CVE
added 2001/01/22 5:0 a.m.47 views

CVE-2000-0498

The CVE-2000-0498 vulnerability affects Unify eWave ServletExec. A remote attacker could view the source code of a JSP program by requesting a URL that uses the JSP extension in uppercase. Connected sources confirm the affected product and the exact attack vector; PT-2000-1436 notes no informatio...

7.5CVSS7.1AI score0.02261EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.19 views

CVE-2000-1024

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands...

7.3AI score0.05125EPSS
Exploits0References3
CVE
CVE
added 2001/01/22 5:0 a.m.77 views

CVE-2000-1024

CVE-2000-1024 concerns eWave ServletExec 3.0C and earlier. The vulnerability arises because the server-side UploadServlet is not properly restricted, allowing an attacker to upload arbitrary files to arbitrary directories, which can lead to remote command execution on the affected host. Multiple ...

10CVSS7.4AI score0.05125EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2001/01/09 5:0 a.m.11 views

CVE-2000-1114

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...

5CVSS6.9AI score0.02915EPSS
Exploits1References2
CVE
CVE
added 2000/12/19 5:0 a.m.50 views

CVE-2000-1114

The CVE-2000-1114 vulnerability affects Unify ServletExec AS v3.0C. A flaw in the HTTP handling allows remote attackers to read JSP source code by sending an HTTP request that ends with certain characters (e.g., ".", "+", or "%20"). This can expose source contents and partial confidentiality leak...

5CVSS7.2AI score0.02915EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2000/12/19 5:0 a.m.17 views

CVE-2000-1114

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...

6.9AI score0.02915EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2000/12/19 12:0 a.m.66 views

Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload

ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution...

10CVSS5.5AI score0.05125EPSS
Exploits0References1
NVD
NVD
added 2000/12/11 5:0 a.m.18 views

CVE-2000-1024

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands...

10CVSS7.4AI score0.05125EPSS
Exploits0References3
NVD
NVD
added 2000/12/11 5:0 a.m.20 views

CVE-2000-1025

eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running...

5CVSS6.6AI score0.08487EPSS
Exploits1References3
Cvelist
Cvelist
added 2000/11/29 5:0 a.m.19 views

CVE-2000-1025

eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running...

6.6AI score0.08487EPSS
Exploits1References3
CVE
CVE
added 2000/11/29 5:0 a.m.49 views

CVE-2000-1025

CVE-2000-1025 affects eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier. A remote attacker can cause a denial of service by requesting a URL containing the '/servlet/' path, which invokes the ServletExec servlet and triggers an exception if it is already running. Impact: partia...

5CVSS7AI score0.08487EPSS
Exploits1References3Affected Software1
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.36 views

RESIN ServletExec JSP Source Disclosure Vulnerability(Apache 1.3.6 Win2k))

Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL XML stylesheet language support encourages separation of content from formatting. Resin provides a fast servle...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.131 views

RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)

Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL XML stylesheet language support encourages separation of content from formatting. Resin provides a fast servle...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2000/11/22 12:0 a.m.109 views

Disclosure of JSP source code with ServletExec AS v3.0c + web instance

Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...

Exploits0
exploitpack
exploitpack
added 2000/11/21 12:0 a.m.11 views

Unify eWave ServletExec 3 - .JSP Source Disclosure

Unify eWave ServletExec 3 - .JSP Source Disclosure...

1.2AI score
Exploits0
Exploit DB
Exploit DB
added 2000/11/21 12:0 a.m.25 views

Unify eWave ServletExec 3 - .JSP Source Disclosure

source : https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when a HTTP request is appended with one of...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/11/01 12:0 a.m.51 views

Unify eWave ServletExec upload

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Unify eWave ServletExec upload ---------------------------------------------------------------------- FS Advisory ID: FS-103100-16-SRVX Release Date: October 31, 2000 Product: Unify eWave ServletExec 3.0C...

0.3AI score
Exploits0
Rows per page
Query Builder