CVE-2000-0629

Sun Java System Web Server 2.0 and earlier - Remote Code Execution via JSP Compiler Servlet

Title source: llm
STIX 2.1

Description

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1459
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html
Patch, Vendor Advisory x_refsource_misc
http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html

Scores

EPSS 0.0152
EPSS Percentile 81.4%

Details

Status published
Products (2)
sun/java_system_web_server 1.1.3
sun/java_system_web_server 2.0
Published Jul 12, 2000
Tracked Since Feb 18, 2026