CVE-2000-0629

Published: Jul 12, 2000Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

Affected (2)

Products: Sun: Java System Web Server

Sun

1 product

Java System Web Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Web Server	Version 1.1.3
Sun Java System Web Server	Version 2.0

References (6)

http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.securityfocus.com/bid/1459

Source: cve@mitre.org

http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

Source: cve@mitre.org

PatchVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.securityfocus.com/bid/1459

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.