Vulnerability Description
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unify | Ewave Servletexec | 3.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/1970ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/1970ExploitPatchVendor Advisory
FAQ
What is CVE-2000-1114?
CVE-2000-1114 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
How severe is CVE-2000-1114?
CVE-2000-1114 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1114?
Check the references section above for vendor advisories and patch information. Affected products include: Unify Ewave Servletexec.