CVE-2000-0499

HIGH7.5

Description

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

bea / weblogic_server
bea / weblogic_server3.1.8 – 4.5.1

References

MISChttp://www.securityfocus.com/bid/1328
MISChttp://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
MISChttp://developer.bea.com/alerts/security_000612.html
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/4694