Vulnerabilities > CVE-2000-0696 - Unspecified vulnerability in SUN Solaris Answerbook2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sun

exploit available

NVD

Published: 2000-10-20

Updated: 2017-12-19

Summary

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN Solaris Answerbook2 1.3 SUN Solaris Answerbook2 1.4 SUN Solaris Answerbook2 1.4.1 SUN Solaris Answerbook2 1.4.2	4

Exploit-Db

description	Sun AnswerBook2 1.4.2/1.4.3/1.4.4 Administration Interface Access. CVE-2000-0696 . Remote exploit for solaris platform
id	EDB-ID:20144
last seen	2016-02-02
modified	2000-08-08
published	2000-08-08
reporter	Lluis Mora
source	https://www.exploit-db.com/download/20144/
title	Sun AnswerBook2 1.4.2/1.4.3/1.4.4 Administration Interface Access

Summary

Vulnerable Configurations

Exploit-Db

References