CVE-2000-0812

4 documents4 sources

Severity

10.0CRITICAL

EPSS

2.5%

top 14.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System WEB Server

Timeline

PublishedNov 14

Latest updateApr 30

Description

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDsun/java_system_web_server4 versions+3

Patches

Patch: sunsolve.sun.com ↗Patch: www.securityfocus.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-rj9r-c2qp-rvpc: The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke↗2022-04-30

▶

CVEList

CVE-2000-0812: The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke↗2000-10-18

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows XP/2000 - Workstation Service Overflow (MS03-049)↗2003-11-12

▶