CVE-2000-1247
CVE-2000-1247 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
Learn more about our Cis Benchmark Audit For Apache Http Server.