fkie_cve-2002-2170
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.
References
cve@mitre.orghttp://online.securityfocus.com/archive/1/283418
cve@mitre.orghttp://www.iss.net/security_center/static/9642.php
cve@mitre.orghttp://www.securityfocus.com/bid/5276Exploit
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/archive/1/283418
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9642.php
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5276Exploit
Impacted products
Vendor Product Version
working_resources_inc. badblue enterprise_1.7
working_resources_inc. badblue enterprise_1.7.2
working_resources_inc. badblue enterprise_1.7.3
working_resources_inc. badblue enterprise_1.7.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E744E2D6-5E38-4495-B5E4-B9012DDB9807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F55B4B-ED2E-4D09-AED9-6A96F8D7B1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E063907-A871-41DD-B8A1-CC84FFECBB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "548887BD-0A3F-44B1-9DE5-DFEDD2558DE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared."
    }
  ],
  "id": "CVE-2002-2170",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/1/283418"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9642.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/5276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/1/283418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9642.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/5276"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.