Vulnerability Description
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sean Macguire | Big Brother | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html (Patch, Vendor Advisory)
- http://www.osvdb.org/1472
- http://www.securityfocus.com/bid/1494 (Exploit, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5103
FAQ
What is CVE-2000-0639?
CVE-2000-0639 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose ...
How severe is CVE-2000-0639?
CVE-2000-0639 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2000-0639?
Check the references section above for vendor advisories and patch information. Affected products include: Sean Macguire Big Brother.