CVE-2000-0684
First published: Fri Oct 13 2000(Updated: )
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =3.1.8 | |
| Oracle WebLogic Server | =4.0.4 | |
| Oracle WebLogic Server | =4.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-0684?
CVE-2000-0684 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2000-0684?
To fix CVE-2000-0684, you should update your BEA WebLogic Server to a version that addresses this vulnerability.
What are the potential impacts of CVE-2000-0684?
The potential impacts of CVE-2000-0684 include unauthorized access to sensitive information and the execution of arbitrary Java code.
Which versions of WebLogic Server are affected by CVE-2000-0684?
CVE-2000-0684 affects BEA WebLogic Server versions 3.1.8, 4.0.4, and 4.5.1.
Can CVE-2000-0684 be exploited remotely?
Yes, CVE-2000-0684 can be exploited remotely, allowing attackers to invoke the JSPServlet and execute malicious code.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/3.1.8
- version/oracle weblogic server/4.0.4
- version/oracle weblogic server/4.5.1