Unify: >> Ewave Servletexec Security Vulnerabilities
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
CVSS Score
5.0
EPSS Score
0.038
Published
2001-01-09
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.023
Published
2000-12-11
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.
CVSS Score
5.0
EPSS Score
0.056
Published
2000-12-11
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVSS Score
7.5
EPSS Score
0.018
Published
2000-06-08