Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0696

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0696
Last Modified 24 Sep 2008 12:07:12
Published 20 Oct 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0696

Summary

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

Vulnerable Systems

Application

  • Sun Solaris Answerbook2 1.3

  • Sun Solaris Answerbook2 1.4

  • Sun Solaris Answerbook2 1.4.1

  • Sun Solaris Answerbook2 1.4.2


References

BID - 1554

SUN - 00196

XF - solaris-answerbook2-admin-interface(5069)

MISC - http://www.s21sec.com/en/avisos/s21sec-004-en.txt

BUGTRAQ - 20000807 Vulnerabilities in Sun Solaris AnswerBook2 dwhttpd server


Last Updated: 27 May 2016 10:35:50