Vulnerability CVE-2000-0696
Published: 2000-10-20   Modified: 2012-02-12

Description:
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> Solaris answerbook2 

 References:
http://archives.neohapsis.com/archives/sun/2000-q3/0001.html
http://seclists.org/bugtraq/2000/Aug/0105.html
http://www.s21sec.com/en/avisos/s21sec-004-en.txt
http://www.securityfocus.com/bid/1554
https://exchange.xforce.ibmcloud.com/vulnerabilities/5069
Copyright 2024, cxsecurity.com

 

Back to Top