
CVE-2002-0430

Published: 12/08/2002 Updated: 10/09/2008
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
VMScore: 380
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

Vulnerable Product

sun cobalt raq 2

sun cobalt raq 3i

sun cobalt raq 4

Exploits

source: www.securityfocus.com/bid/4252/info. Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other sensitive administrative scripts are protected with HTTP authentication, 'MultiFile ...