CVE-2000-0498

HIGH

Unify eWave ServletExec - Info Disclosure

Title source: llm
STIX 2.1

Description

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

References (3)

Core 3
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1328
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/4649
Broken Link, Vendor Advisory mailing-list x_refsource_ntbugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html

Scores

CVSS v3 7.5
EPSS 0.0226
EPSS Percentile 80.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-178
Status published
Products (1)
unify/ewave_servletexec
Published Jun 08, 2000
Tracked Since Feb 18, 2026