CVE-2000-0629
Summary
| CVE | CVE-2000-0629 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2000-07-12 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sun | Java System Web Server | 1.1.3 | All | All | All |
| Application | Sun | Java System Web Server | 2.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| archives.neohapsis.com/archives/bugtraq/2000-07/0163.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Exploit, Patch, Vendor Advisory |
| Sun Java Web Server Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Java Web Server: CERT Advisory CA-2000-02 | af854a3a-2127-422b-91ae-364da2661108 | www.sun.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.