ID CVE-2002-0236
Summary Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
References
Vulnerable Configurations
  • Lucent VitalAnalysis 8.0
    cpe:2.3:a:lucent:vitalanalysis:8.0
  • Lucent VitalAnalysis 8.1
    cpe:2.3:a:lucent:vitalanalysis:8.1
  • Lucent VitalAnalysis 8.2
    cpe:2.3:a:lucent:vitalanalysis:8.2
  • Lucent VitalEvent 8.0
    cpe:2.3:a:lucent:vitalevent:8.0
  • Lucent VitalEvent 8.1
    cpe:2.3:a:lucent:vitalevent:8.1
  • Lucent VitalEvent 8.2
    cpe:2.3:a:lucent:vitalevent:8.2
  • Lucent VitalHelp 8.0
    cpe:2.3:a:lucent:vitalhelp:8.0
  • Lucent VitalHelp 8.1
    cpe:2.3:a:lucent:vitalhelp:8.1
  • Lucent VitalHelp 8.2
    cpe:2.3:a:lucent:vitalhelp:8.2
  • Lucent VitalNet 8.0
    cpe:2.3:a:lucent:vitalnet:8.0
  • Lucent VitalNet 8.1
    cpe:2.3:a:lucent:vitalnet:8.1
  • Lucent VitalNet 8.2
    cpe:2.3:a:lucent:vitalnet:8.2
  • Lucent VitalSuite 8.0
    cpe:2.3:a:lucent:vitalsuite:8.0
  • Lucent VitalSuite 8.1
    cpe:2.3:a:lucent:vitalsuite:8.1
  • Lucent VitalSuite 8.2
    cpe:2.3:a:lucent:vitalsuite:8.2
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
exploit-db via4
description Lucent 8.x VitalNet Password Authentication Bypass Vulnerability. CVE-2002-0236. Remote exploit for windows platform
id EDB-ID:21203
last seen 2016-02-02
modified 2002-01-16
published 2002-01-16
reporter Mark Cooper
source https://www.exploit-db.com/download/21203/
title Lucent 8.x VitalNet Password Authentication Bypass Vulnerability
nessus via4
NASL family CGI abuses
NASL id VSSETCOOKIE.NASL
description The VsSetCookie.exe CGI exists on the remote web server. Some versions of this file have an unauthorized access vulnerability. Making a request similar to: http://www.example.com/cgi-bin/VsSetCookie.exe?vsuser= will result in full access if a valid username is provided. Please note Nessus solely relied on the existence of this CGI in reporting this vulnerability.
last seen 2019-02-21
modified 2018-11-15
plugin id 11731
published 2003-06-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11731
title Lucent VitalNet VsSetCookie.exe Unauthorized Access
refmap via4
bid 3784
bugtraq 20020205 Published Report of Vulnerability in Lucent VitalSuite Software
xf vitalnet-unauth-access(7936)
Last major update 17-10-2016 - 22:17
Published 29-05-2002 - 00:00