Vulnerabilities > CVE-2002-0523 - Unspecified vulnerability in Asp-Nuke Rc1/Rc2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Seebug
| bulletinFamily | exploit |
| description | BugCVE: CVE-2002-0523 BUGTRAQ: 4489 ASP-Nuke存在设计问题,可导致攻击者获得主机相关敏感信息。 攻击者可以本地修改Cookie信息并提交,导致主机返回所有当前登陆用户列表或者返回包含WEB ROOT路径的错误信息。 攻击者可以利用这些信息进一步对系统进行攻击。 ASP-Nuke RC1-RC2 厂商补丁: ASP-Nuke -------- 目前厂商已经在最新版本的软件中修补了此漏洞,请到厂商的主页获取最新版本: http://www.asp-nuke.com/downloads.asp |
| id | SSV:19615 |
| last seen | 2017-11-19 |
| modified | 2005-10-01 |
| published | 2005-10-01 |
| reporter | Root |
| title | ASP-Nuke伪造Cookie导致信息泄露漏洞 |
References
- http://online.securityfocus.com/archive/82/266705
- http://online.securityfocus.com/archive/82/266705
- http://www.asp-nuke.com/news.asp?date=20020412&cat=11
- http://www.asp-nuke.com/news.asp?date=20020412&cat=11
- http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
- http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
- http://www.iss.net/security_center/static/8833.php
- http://www.iss.net/security_center/static/8833.php
- http://www.securityfocus.com/bid/4489
- http://www.securityfocus.com/bid/4489