Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0118

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0118
Last Modified 10 Sep 2008 03:17:58
Published 12 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0118

Summary

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Vulnerable Systems

Application

  • Microsoft Biztalk Server 2000

  • Microsoft Biztalk Server 2002


References

MS - MS03-016

BUGTRAQ - 20030505 Microsoft Biztalk Server DTA vulnerable to SQL injection


Last Updated: 27 May 2016 10:37:48