24 Dec 2018

CVE-2000-1247

2.1 Low Severity

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.

suggest your own:

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N
Apps (0)
Operating Systems (0)

xtranslations

xdetection

xremediation

Comments (0)
Comments (0)