PT-2001-1153 · Unify · Unify Servletexec As

Published: 2001-01-09 · Updated: 2008-09-05 · CVE-2000-1114

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Unify ServletExec AS version 3.0C

Description: The issue allows remote attackers to read the source code of JSP pages via a specially crafted HTTP request. This can be achieved by appending certain characters, such as ".", "+", or "%20", to the request.

Recommendations: For Unify ServletExec AS version 3.0C, consider restricting access to JSP pages until a fix is available. As a temporary workaround, avoid using HTTP requests that end with special characters to minimize the risk of exploitation.
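
A detection check for the request pattern in the description, as an added example that is not part of the original advisory: it scans web server access log lines for JSP requests whose path ends in ".", "+" or "%20". It assumes Common Log Format and generalizes slightly by decoding percent-escapes and matching .jspx as well; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A .jsp/.jspx path followed only by the characters the advisory names
# ("." and "+"; "%20" is a space once percent-decoded).
TRAILING_RE = re.compile(r'\.jspx?(?P<suffix>[.+ ]+)$', re.IGNORECASE)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2001:10:00:01 +0000] "GET /app/login.jsp HTTP/1.0" 200 1432',
    '192.0.2.44 - - [09/Jan/2001:10:00:05 +0000] "GET /app/login.jsp. HTTP/1.0" 200 2210',
    '192.0.2.44 - - [09/Jan/2001:10:00:06 +0000] "GET /app/login.jsp%20 HTTP/1.0" 200 2210',
    '192.0.2.44 - - [09/Jan/2001:10:00:07 +0000] "GET /app/login.jsp+ HTTP/1.0" 200 2210',
    '192.0.2.10 - - [09/Jan/2001:10:00:09 +0000] "GET /app/search.jsp?q=a+b%20c HTTP/1.0" 200 800',
    '192.0.2.44 - - [09/Jan/2001:10:00:12 +0000] "GET /app/report.JSP%2e HTTP/1.0" 200 3050',
]


def suspicious_suffix(target):
    """Return the characters trailing the .jsp extension in the path, or None."""
    # Only the path matters; "+" and "%20" are normal inside a query string.
    path = target.split('?', 1)[0].split('#', 1)[0]
    decoded = unquote(path)  # %20 -> " ", %2e -> "."; a literal "+" is kept
    match = TRAILING_RE.search(decoded)
    return match.group('suffix') if match else None


def scan(lines):
    """Return (line number, request target, trailing characters) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        if not request:
            continue  # not a parseable request line
        suffix = suspicious_suffix(request.group('target'))
        if suffix is not None:
            hits.append((lineno, request.group('target'), suffix))
    return hits


if __name__ == '__main__':
    for lineno, target, suffix in scan(SAMPLE_LOG):
        print(f'line {lineno}: {target!r} has trailing {suffix!r} after the JSP extension')
```

A hit that was answered with status 200 and a response larger than the page's normal rendered output is worth reviewing first, since it may mean the JSP source was returned.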

Related Identifiers

CVE-2000-1114

Affected Products

Unify Servletexec As