Published: 20/10/2000 Updated: 19/12/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote malicious users to add user accounts to the interface by directly calling the admin CGI script.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun solaris answerbook2 1.4.1
sun solaris answerbook2 1.4.2
sun solaris answerbook2 1.3
sun solaris answerbook2 1.4

source: wwwsecurityfocuscom/bid/1554/info A lack of authentication checks for certain scripts within the administration interface of AnswerBook2 versions 142 and prior, for Solaris, allows remote users to create administration accounts By directly accessing the /cgi-bin/admin/admin script present under the AnswerBook2 dwhttpd web serve ...

NVD-CWE-Other http://archives.neohapsis.com/archives/sun/2000-q3/0001.html http://www.securityfocus.com/bid/1554 http://seclists.org/bugtraq/2000/Aug/0105.html http://www.s21sec.com/en/avisos/s21sec-004-en.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/5069 https://nvd.nist.gov https://www.exploit-db.com/exploits/20144/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0696

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect