CVE-2000-1247

LOW

—CVSS v3

2.1CVSS v2

0.15% EPSS (exploit probability)

CWE-16CWE

Description

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE