CVE-2000-0684

BEA WebLogic 5.1.x - RCE

Title source: llm

Description

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brian Carrier · clocalwindows

https://www.exploit-db.com/exploits/20081

View Code ZIP pw:eip

References (3)

[Various Sources] http://developer.bea.com/alerts/security_000731.html

[Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1525

Scores

EPSS 0.0520

EPSS Percentile 90.0%

Details

Status published

Products (3)

bea/weblogic_server 3.1.8

bea/weblogic_server 4.0.4

bea/weblogic_server 4.5.1

Published Oct 20, 2000

Tracked Since Feb 18, 2026