CVE

Id
2272  
CVE No.
CVE-2000-0696  
Status
Candidate  
Description
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.  
Phase
Modified (20080918)  
Votes
ACCEPT(4) Baker, Cole, Dik, Levy | MODIFY(1) Frech | NOOP(2) Christey, Wall  
Comments
Frech> XF:solaris-answerbook2-admin-interface | Christey> XF:solaris-answerbook2-admin-interface | http://xforce.iss.net/static/5069.php | Christey> BUGTRAQ:20000807 Vulnerabilities in Sun Solaris AnswerBook2 dwhttpd server | http://www.securityfocus.com/archive/1/74382 | Christey> Fix typo: "CGi" | CHANGE> [Dik changed vote from REVIEWING to ACCEPT]  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
8174 2272 CVE-2000-0696 BUGTRAQ:20000807 Vulnerabilities in Sun Solaris AnswerBook2 dwhttpd server  View
8175 2272 CVE-2000-0696 URL:http://seclists.org/bugtraq/2000/Aug/0105.html  View
8176 2272 CVE-2000-0696 MISC:http://www.s21sec.com/en/avisos/s21sec-004-en.txt  View
8177 2272 CVE-2000-0696 SUN:00196  View
8178 2272 CVE-2000-0696 URL:http://archives.neohapsis.com/archives/sun/2000-q3/0001.html  View
8179 2272 CVE-2000-0696 XF:solaris-answerbook2-admin-interface(5069)  View
8180 2272 CVE-2000-0696 URL:http://xforce.iss.net/static/5069.php  View
8181 2272 CVE-2000-0696 BID:1554  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63588 JVNDB-2003-000314 Sun Solaris の AnswerBook2 における認証を回避される脆弱性 Sun Solaris の AnswerBook2 Documentation Server には、管理インタフェースへのアクセス過程で利用される CGI スクリプトにおいて、特定のリクエストに対する認証用情報の妥当性のチェックを適切に行わない脆弱性が存在します。 CVE-2000-0696 2272 7.5 http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000314.html  View