CVE-2001-0307

Bajie Java HTTP Server < 0.79 - Code Injection

Title source: rule

Description

Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.

Exploits (1)

exploitdb WORKING POC VERIFIED

by joetesta · textremotemultiple

https://www.exploit-db.com/exploits/20639

View Code ZIP pw:eip

References (2)

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html

[Various Sources] http://www.geocities.com/gzhangx/websrv/docs/security.html

Scores

EPSS 0.0602

EPSS Percentile 90.5%

Classification

CWE

CWE-94

Status draft

Affected Products (1)

bajie/java_http_server < 0.79

Timeline

Published May 03, 2001

Tracked Since Feb 18, 2026