PT-2000-1617 · Bea · Bea Weblogic

Published 2000-10-20 · Updated 2008-09-10 · CVE-2000-0684

CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: BEA WebLogic versions 5.1.x

Description: The issue is related to improper access restriction to the JSPServlet, allowing remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Recommendations: For BEA WebLogic versions 5.1.x, consider restricting access to the JSPServlet to prevent remote attackers from compiling and executing Java JSP code. As a temporary workaround, consider disabling direct invocation of the JSPServlet on source files until a patch is available.


Related identifiers

CVE-2000-0684

Affected products

Bea Weblogic