Unrated severityNVD Advisory· Published Jul 12, 2000· Updated Apr 16, 2026

CVE-2000-0629

Description

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

Affected products

Sun Corporation/Java System Web Server2 versions
cpe:2.3:a:sun:java_system_web_server:1.1.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sun:java_system_web_server:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.sun.com/software/jwebserver/faq/jwsca-2000-02.htmlnvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2000-07/0163.htmlnvdExploitPatchVendor Advisory
www.securityfocus.com/bid/1459nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000