CVE-2001-0972

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=99834088223352&w=2
http://www.securityfocus.com/bid/3210	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011
http://marc.info/?l=bugtraq&m=99834088223352&w=2
http://www.securityfocus.com/bid/3210	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:surf-net:asp_forum::::::::
	cpe:2.3:a:surf-net:asp_forum:2.20:::::::*

History

20 Nov 2024, 23:36

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=99834088223352&w=2 -~~	() http://marc.info/?l=bugtraq&m=99834088223352&w=2 -
References	~~() http://www.securityfocus.com/bid/3210 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/3210 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/7011 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/7011 -

Information

Published : 2001-08-31 04:00

Updated : 2024-11-20 23:36

NVD link : CVE-2001-0972

Mitre link : CVE-2001-0972

CVE.ORG link : CVE-2001-0972

JSON object : View

Products Affected

surf-net

asp_forum

CWE

NVD-CWE-Other

10.0 /10