CVE-2000-1247

Name of the Vulnerable Software and Affected Versions Apache JServ version 1.1.2

Description The default configuration of the jserv-status handler in jserv.conf includes an "allow from 127.0.0.1" line. This allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.

Recommendations For Apache JServ version 1.1.2, consider modifying the jserv.conf file to restrict access to the jserv-status handler, limiting it to only trusted sources or disabling it altogether if not necessary. As a temporary workaround, restrict access to the jserv/ URI to minimize the risk of exploitation.