Vulnerability Details CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
- http://developer.bea.com/alerts/security_000612.html
- http://www.securityfocus.com/bid/1328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4694
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
- http://developer.bea.com/alerts/security_000612.html
- http://www.securityfocus.com/bid/1328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4694
Products affected by CVE-2000-0499
-
cpe:2.3:a:bea:weblogic_server:3.1.8
-
cpe:2.3:a:bea:weblogic_server:4.0
-
cpe:2.3:a:bea:weblogic_server:4.0.4
-
cpe:2.3:a:bea:weblogic_server:4.5
-
cpe:2.3:a:bea:weblogic_server:4.5.1
-
cpe:2.3:a:bea:weblogic_server:5.1
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0.0.1
-
cpe:2.3:a:bea:weblogic_server:8.1
-
cpe:2.3:a:bea:weblogic_server:9.1