Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0500Weblogic Server vulnerability

8 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
6.5%
top 8.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
BEA Weblogic Server
Timeline
PublishedJun 21
Latest updateApr 30

Description

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server4 versions+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-j4g2-g246-6526: The default configuration of BEA WebLogic 52022-04-30
CVEList
CVE-2000-0500: The default configuration of BEA WebLogic 52000-10-13

💥Exploits & PoCs

5
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)2001-06-21
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)2001-06-18
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)2001-06-18
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)2001-06-18
Exploit-DB
BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure2000-06-21
CVE-2000-0500 — BEA Weblogic Server vulnerability | cvebase