Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0652 — IBM Websphere Application Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

4.2%

top 11.26%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Websphere Application Server

Timeline

PublishedJul 24

Latest updateApr 30

Description

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server2.0, 3.0, 3.0.21+2

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-78c2-6wr9-gc88: IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which co↗2022-04-30

▶

CVEList

CVE-2000-0652: IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which co↗2000-10-13

▶

💥Exploits & PoCs

Exploit-DB

IBM Websphere Application Server 2.0./3.0/3.0.2.1 - Showcode↗2000-07-24

▶