Vulnerability Description
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Cobalt Raq 2 | All versions |
| Sun | Cobalt Raq 3I | All versions |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
- http://www.osvdb.org/1346
- http://www.securityfocus.com/bid/1238PatchVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B1
- http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
- http://www.osvdb.org/1346
- http://www.securityfocus.com/bid/1238PatchVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B1
FAQ
What is CVE-2000-0431?
CVE-2000-0431 is a vulnerability with a CVSS score of 7.5 (HIGH). Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
How severe is CVE-2000-0431?
CVE-2000-0431 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0431?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Cobalt Raq 2, Sun Cobalt Raq 3I.