Vulnerability in Apache Jserv
CVE-2000-1247
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to t…
EPSS: 0.006 (43.4th percentile) — read the EPSS interpretation.
Affected products
- Apache Jserv — versions 1.1.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (mailing-list, x_refsource_MLIST, Exploit)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM, Patch)