Vulnerability CVE-2001-0972


Published: 2001-08-31   Modified: 2012-02-12

Description:
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Surf-net -> Asp forum 

 References:
http://marc.info/?l=bugtraq&m=99834088223352&w=2
http://www.securityfocus.com/bid/3210
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011

Copyright 2024, cxsecurity.com

 

Back to Top