Vulnerability CVE-2002-0736


Published: 2002-08-12   Modified: 2012-02-12

Description:
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Backoffice 

 References:
http://www.securityfocus.com/bid/4528
http://www.iss.net/security_center/static/8862.php
http://support.microsoft.com/support/kb/articles/q316/8/38.asp
http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html

Copyright 2021, cxsecurity.com

 

Back to Top