Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0684 — Weblogic Server vulnerability

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

5.2%

top 10.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

BEA Weblogic Server

Timeline

PublishedOct 20

Latest updateApr 30

Description

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDbea/weblogic_server3.1.8, 4.0.4, 4.5.1+2

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-qm9r-wvg3-383h: BEA WebLogic 5↗2022-04-30

▶

CVEList

CVE-2000-0684: BEA WebLogic 5↗2000-10-13

▶

💥Exploits & PoCs

Exploit-DB

NetZero ZeroPort 3.0 - Weak Encryption Method↗2000-07-18

▶