CVE-2000-0697 - The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface user

CVE-2000-0697

Summary

The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.

References

Vulnerable Configurations

cpe:2.3:a:sun:solaris_answerbook2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_answerbook2:1.4.2:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 24-09-2008 - 04:07)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	1556
bugtraq	20000807 Vulnerabilities in Sun Solaris AnswerBook2 dwhttpd server
misc	http://www.s21sec.com/en/avisos/s21sec-004-en.txt
sun	00196
xf	solaris-answerbook2-remote-execution(5058)

Last major update

24-09-2008 - 04:07

Published

20-10-2000 - 04:00

Last modified

24-09-2008 - 04:07