Vulnerabilities > CVE-2002-0523 - Information Disclosure vulnerability in ASP-Nuke Forged Cookie

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
asp-nuke

Summary

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.

Vulnerable Configurations

Part Description Count
Application
Asp-Nuke
2

Seebug

bulletinFamilyexploit
descriptionBugCVE: CVE-2002-0523 BUGTRAQ: 4489 ASP-Nuke存在设计问题,可导致攻击者获得主机相关敏感信息。 攻击者可以本地修改Cookie信息并提交,导致主机返回所有当前登陆用户列表或者返回包含WEB ROOT路径的错误信息。 攻击者可以利用这些信息进一步对系统进行攻击。 ASP-Nuke RC1-RC2 厂商补丁: ASP-Nuke -------- 目前厂商已经在最新版本的软件中修补了此漏洞,请到厂商的主页获取最新版本: http://www.asp-nuke.com/downloads.asp
idSSV:19615
last seen2017-11-19
modified2005-10-01
published2005-10-01
reporterRoot
titleASP-Nuke伪造Cookie导致信息泄露漏洞