CVE-2000-0500
published 2000-06-21CVE-2000-0500: The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which…
PriorityP421medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.61%
90.5th percentile
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)
exploitdb·2001-06-21
CVE-2001-0500 Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)
---
/*
source: https://www.securityfocus.com/bid/2880/info
Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow arbitrary code to run on the host in the Local System context.
Note that Index Server and Indexing Service do not need to be running for an attacker to exploit this issue. Since 'idq.dll' is installed by default when IIS is installed, IIS would need to be the only service running.
Note also that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all products
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)
exploitdb·2001-06-18
CVE-2001-0500 Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)
---
# source: https://www.securityfocus.com/bid/2880/info
#
# Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow arbitrary code to run on the host in the Local System context.
#
# Note that Index Server and Indexing Service do not need to be running for an attacker to exploit this issue. Since 'idq.dll' is installed by default when IIS is installed, IIS would need to be the only service running.
#
# Note also that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
exploitdb·2001-06-18
CVE-2001-0500 Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
---
// source: https://www.securityfocus.com/bid/2880/info
Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow arbitrary code to run on the host in the Local System context.
Note that Index Server and Indexing Service do not need to be running for an attacker to exploit this issue. Since 'idq.dll' is installed by default when IIS is installed, IIS would need to be the only service running.
Note also that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all produc
Exploit-DB
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)
exploitdb·2001-06-18
CVE-2001-0500 Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)
---
# source: https://www.securityfocus.com/bid/2880/info
#
# Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow arbitrary code to run on the host in the Local System context.
#
# Note that Index Server and Indexing Service do not need to be running for an attacker to exploit this issue. Since 'idq.dll' is installed by default when IIS is installed, IIS would need to be the only service running.
#
# Note also that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all
Exploit-DB
BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
exploitdb·2000-06-21
CVE-2000-0500 BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
---
source: https://www.securityfocus.com/bid/1378/info
Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet.
If an http request is made that includes "/file/", the server calls upon the default servlet which will cause the page to display the source code in the web browser.
http://target/file/filename
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=96161462915381&w=2http://www.securityfocus.com/bid/1378http://www.weblogic.com/docs51/admindocs/http.html#filehttps://exchange.xforce.ibmcloud.com/vulnerabilities/4775http://marc.info/?l=bugtraq&m=96161462915381&w=2http://www.securityfocus.com/bid/1378http://www.weblogic.com/docs51/admindocs/http.html#filehttps://exchange.xforce.ibmcloud.com/vulnerabilities/4775
2000-06-21
Published