ID CVE-2000-0696
Summary The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:solaris_answerbook2:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:solaris_answerbook2:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:solaris_answerbook2:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:solaris_answerbook2:1.4.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 1554
bugtraq 20000807 Vulnerabilities in Sun Solaris AnswerBook2 dwhttpd server
misc http://www.s21sec.com/en/avisos/s21sec-004-en.txt
sun 00196
xf solaris-answerbook2-admin-interface(5069)
Last major update 19-12-2017 - 02:29
Published 20-10-2000 - 04:00
Last modified 19-12-2017 - 02:29