CVE-2001-0307

Bajie HTTP JServer < 0.80 - Remote Code Execution via Shell Metacharacters in CGI Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0307. PoCs published by joetesta.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Bajie Webserver by appending arbitrary shell commands to a URL after a semicolon. The server executes the commands as an independent job, leading to remote code execution.

Description

Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.

Exploits (1)

exploitdb WORKING POC VERIFIED

by joetesta · textremotemultiple

https://www.exploit-db.com/exploits/20639

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in Bajie Webserver by appending arbitrary shell commands to a URL after a semicolon. The server executes the commands as an independent job, leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Bajie Webserver

No auth needed

Prerequisites: Target running Bajie Webserver · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

http://www.geocities.com/gzhangx/websrv/docs/security.html

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html

Scores

EPSS 0.0766

EPSS Percentile 93.8%

Details

CWE

CWE-94

Status published

Products (1)

bajie/java_http_server < 0.79

Published May 03, 2001

Tracked Since Feb 18, 2026