Vulnerability Description
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Surf-Net | Asp Forum | <= 2.30 |
References
- http://marc.info/?l=bugtraq&m=99834088223352&w=2
- http://www.securityfocus.com/bid/3210PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7011
- http://marc.info/?l=bugtraq&m=99834088223352&w=2
- http://www.securityfocus.com/bid/3210PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7011
FAQ
What is CVE-2001-0972?
CVE-2001-0972 is a vulnerability with a CVSS score of 10.0 (HIGH). Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1...
How severe is CVE-2001-0972?
CVE-2001-0972 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0972?
Check the references section above for vendor advisories and patch information. Affected products include: Surf-Net Asp Forum.