Vulnerability Description
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris Answerbook2 | 1.3 |
References
- http://archives.neohapsis.com/archives/sun/2000-q3/0001.html (Patch, Vendor Advisory)
- http://seclists.org/bugtraq/2000/Aug/0105.html
- http://www.s21sec.com/en/avisos/s21sec-004-en.txt
- http://www.securityfocus.com/bid/1554 (Exploit, Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5069
FAQ
What is CVE-2000-0696?
CVE-2000-0696 is a vulnerability with a CVSS score of 7.5 (HIGH). The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts...
How severe is CVE-2000-0696?
CVE-2000-0696 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2000-0696?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris Answerbook2.