CVE-2003-0332 - The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first tw

CVE-2003-0332

Summary

The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html
http://marc.info/?l=bugtraq&m=105346382524169&w=2

Vulnerable Configurations

cpe:2.3:a:working_resources_inc.:badblue:*:*:*:*:*:*:*:*
cpe:2.3:a:working_resources_inc.:badblue:*:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 18-10-2016 - 02:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20030520 BadBlue Remote Administrative Interface Access Vulnerability
vulnwatch	20030520 BadBlue Remote Administrative Interface Access Vulnerability

Last major update

18-10-2016 - 02:32

Published

09-06-2003 - 04:00

Last modified

18-10-2016 - 02:32