CVE-2000-1025

eWave ServletExec 3.0C and earlier - Denial of Service via /servlet/ URL


Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1025. PoCs published by Foundstone Labs.

AI-analyzed exploit summary: This exploit demonstrates a denial of service vulnerability in Unify eWave ServletExec by sending a crafted HTTP request to the /servlet/ServletExec endpoint, causing a java.net.BindException and halting the ServletExec engine.

Description

eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Foundstone Labs · text · dos · multiple
https://www.exploit-db.com/exploits/20336

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Unify eWave ServletExec
No auth needed
Prerequisites: Network access to the target web server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1868
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=97295224226042&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5435

Scores

EPSS: 0.0849
EPSS Percentile: 94.3%

Details

Status: published
Products (1): unify/ewave_servletexec 3.0c
Published: Dec 11, 2000
Tracked Since: Feb 18, 2026