Vulnerabilities > CVE-2000-0812 - Unspecified vulnerability in SUN Java System web Server

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sun

critical

NVD

Published: 2000-11-14

Updated: 2017-12-19

Summary

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN Java System WEB Server 1.1.2 SUN Java System WEB Server 1.1.3 SUN Java System WEB Server 1.1_Beta SUN Java System WEB Server 2.0	4

References

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/197&type=0&nav=sec.sba
http://www.securityfocus.com/bid/1600
http://www.securityfocus.com/templates/advisory.html?id=2542
https://exchange.xforce.ibmcloud.com/vulnerabilities/5135