ID CVE-2003-0332
Summary The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
References
Vulnerable Configurations
  • cpe:2.3:a:working_resources_inc.:badblue:2.2
CVSS
Base: 7.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
description Working Resources BadBlue 1.7.x/2.x Unauthorized HTS Access Vulnerability. CVE-2003-0332. Remote exploit for windows platform
id EDB-ID:22620
last seen 2016-02-02
modified 2003-05-20
published 2003-05-20
reporter mattmurphy
source https://www.exploit-db.com/download/22620/
title Working Resources BadBlue 1.7.x/2.x Unauthorized HTS Access Vulnerability
nessus via4
NASL family Web Servers
NASL id BADBLUE_REMOTE_ADMINISTRATIVE_ACCESS.NASL
description The remote host is running the BadBlue web server earlier than 2.2. Such versions are reportedly affected by an authentication bypass vulnerability. It is possible for an attacker to gain administrative access using a filename with a .ats extension instead of a .hts extension.
last seen 2019-01-16
modified 2018-11-15
plugin id 11554
published 2003-04-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11554
title BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass
refmap via4
bugtraq 20030520 BadBlue Remote Administrative Interface Access Vulnerability
vulnwatch 20030520 BadBlue Remote Administrative Interface Access Vulnerability
Last major update 17-10-2016 - 22:32
Published 09-06-2003 - 00:00