Back to search
CVE-2000-1247
Published: Oct 5, 2011
Modified: Aug 8, 2024
PUBLISHED
Description
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
8412
third-party-advisory
x_refsource_SREASON
[java-apache-users] 20000929 jserv wrapper error
mailing-list
x_refsource_MLIST
apache-jserv-env-information-disclosure(51946)
vdb-entry
x_refsource_XF
http://archive.apache.org/dist/java/java.apache.org-www.tar.gz
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now