CVE-2000-0629

Sun Java Web Server <2.0 - RCE

Title source: llm

Description

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

References (3)

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html

[Patch, Vendor Advisory] http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1459

Scores

EPSS 0.0152

EPSS Percentile 81.0%

Classification

Status draft

Affected Products (2)

sun/java_system_web_server

Timeline

Published Jul 12, 2000

Tracked Since Feb 18, 2026