Sun Java Web Server bboard Servlet Command Execution

The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet comes with default installations of Sun Java Web Server and has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network...

WDK_v1.0.vuln.txt

../ bugs in the Java Web server Development kit built in servlet engine http://localhost:8080/../../../../etc/passwd below is my version info. JavaServertm WDK v1.0 EA elguapo@localhost elguapo$ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^'...

CVE-2000-0629

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet...

Sun Java Web Server 1.1.3/2.0 Servlets - information Disclosure

source: https://www.securityfocus.com/bid/1498/info The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server. http://javawebserver.com/pservlet.html User: sherwin User: floorsoft User: shaw User:...

Sun Java Web Server 1.1.32.0 Servlets - information Disclosure

Sun Java Web Server 1.1.32.0 Servlets - information Disclosure source: https://www.securityfocus.com/bid/1498/info The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server...

Sun's Java Web Server remote command execution vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Sun's Java Web Server ---------------------------------------------------------------------- FS Advisory ID: FS-071000-5-JWS Release Date: July 10, 2000 Product: Java Web Server Vendor: Sun Microsystems...

Дырка в Java Web Server

Одно из приложений на сервере позволяет скомпилировать и запустить любой файл, как JSP-приложение. Таким образом, если атакующий имеет возможность записать файл он может выполнить код. Как минимум одно из демонстрационных приложений - доска объявлений - позволяет запись файлов...

FS-071000-5-JWS

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Sun's Java Web Server ---------------------------------------------------------------------- FS Advisory ID: FS-071000-5-JWS Release Date: July 10, 2000 Product: Java Web Server Vendor: Sun Microsystems...

CVE-2000-0629

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet...

CVE-1999-0283

The CVE-1999-0283 issue is described across connected records as a vulnerability in the Java Web Server where remote users could obtain the source code of CGI programs. The materials confirm the affected system (Java Web Server) and the exposure (source disclosure via remote access). No specific ...

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

Sun Java Web Server 1.1 Beta - Viewable .jhtml Source

source: https://www.securityfocus.com/bid/1891/info A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform. If a URL is submitted requesting a .jhtml file an HTML document with embedded Java sourc...

Sun Java Web Server 1.1 Beta - Viewable .jhtml Source

Sun Java Web Server 1.1 Beta - Viewable .jhtml Source source: https://www.securityfocus.com/bid/1891/info A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform. If a URL is submitted requesting a...