Vulnerability in Apache Jserv

CVE-2000-1247

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to t…

EPSS: 0.006 (43.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References