Vulnerabilities > CVE-2000-1247 - Configuration vulnerability in Apache Jserv 1.1.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |