CVE-2000-0629

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

Published: Jul 12, 2000
Updated: Apr 13, 2023
CVE: CVE-2000-0629
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / java_system_web_server	1.1.3	1.1.3.x
sun / java_system_web_server	2.0	2.0.x

http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html
http://www.securityfocus.com/bid/1459
http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

Vulnerability Database

289,697

CVE-2000-0629