CVE-2000-0431 - Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are u

CVE-2000-0431

Summary

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

References

Vulnerable Configurations

cpe:2.3:h:sun:cobalt_raq_2:*:*:*:*:*:*:*:*
cpe:2.3:h:sun:cobalt_raq_2:*:*:*:*:*:*:*:*
cpe:2.3:h:sun:cobalt_raq_3i:*:*:*:*:*:*:*:*
cpe:2.3:h:sun:cobalt_raq_3i:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1238
bugtraq	20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3 20000525 Cobalt Networks - Security Advisory - Frontpage
confirm	http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
osvdb	1346
xf	cobalt-cgiwrap-bypass

Last major update

10-09-2008 - 19:04

Published

22-05-2000 - 04:00

Last modified

10-09-2008 - 19:04