6 matches found
CVE-2003-1543
CVE-2003-1543 is an XSS vulnerability in Bajie Http Web Server versions 0.95zxe and 0.95zxc (and possibly others) where a remote attacker can inject arbitrary script/HTML via the query string that is reflected in an error message. The cited sources corroborate the vulnerability class (cross-site ...
CVE-2000-0774
The CVE-2000-0774 entry concerns Bajie HTTP web server 0.30a, where the sample Java servlet “test” discloses the real pathname of the web document root. The vulnerability is an information disclosure in which an ordinary request to the test servlet reveals server-side directory paths. The connect...
CVE-2001-0307
CVE-2001-0307 affects Bajie HTTP JServer 0.78 and versions earlier than 0.80. The vulnerability allows remote command execution via shell metacharacters in an HTTP request for a CGI program that does not exist. NVD lists a CVSS v2 base score of 7.5 (HIGH) with network access, no authentication, and partia...
CVE-2003-1511
The vulnerability CVE-2003-1511 affects Bajie Java HTTP Server 0.95 through 0.95zxv4, where cross-site scripting (XSS) is possible via: (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet. The underlyin...
CVE-2000-0773
Summary: Bajie HTTP web server 0.30a contains a path traversal vulnerability that allows a remote attacker to read arbitrary files by using a URL containing a dot-dot sequence ("...."). The root cause is insufficient validation of path components in the HTTP request, resulting in potential partia...
CVE-2001-0308
The CVE-2001-0308 entry affects Bajie HTTP JServer 0.78 (and possibly versions earlier than 0.80). The vulnerability is in UploadServlet, which lets a remote attacker upload a program and then (via a modified .. path) access the file created for that program to execute arbitrary commands. The connected do...