Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-1114. PoCs published by Wojciech Woch.
AI-analyzed exploit summary This writeup describes an information disclosure vulnerability in Unify eWave ServletExec where appending specific characters to a JSP file URL causes the server to return the source code. The vulnerability is due to improper handling of certain URL-encoded characters.
Description
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
Exploits (1)
This writeup describes an information disclosure vulnerability in Unify eWave ServletExec where appending specific characters to a JSP file URL causes the server to return the source code. The vulnerability is due to improper handling of certain URL-encoded characters.