CVE-2000-0127 - The Webspeed configuration program does not properly disable access to the WSMadmin utility, which a

CVE-2000-0127

Summary

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.

References

http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
http://www.securityfocus.com/bid/969

Vulnerable Configurations

cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:02)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	969
bugtraq	20000203 Webspeed security issue
confirm	http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
xf	webspeed-adminutil-auth

Last major update

10-09-2008 - 19:02

Published

03-02-2000 - 05:00

Last modified

10-09-2008 - 19:02