CVE-2000-0684

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Published: Oct 20, 2000
Updated: Apr 13, 2023
CVE: CVE-2000-0684
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	4.5.1	4.5.1.x
bea / weblogic_server	3.1.8	3.1.8.x
bea / weblogic_server	4.0.4	4.0.4.x

http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
http://developer.bea.com/alerts/security_000731.html
http://www.securityfocus.com/bid/1525

Vulnerability Database

289,599

CVE-2000-0684