Vulnerability Description
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stepweb | Sws | 2.5 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/8849.phpVendor Advisory
- http://www.securityfocus.com/bid/4503PatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/8849.phpVendor Advisory
- http://www.securityfocus.com/bid/4503PatchVendor Advisory
FAQ
What is CVE-2002-0537?
CVE-2002-0537 is a vulnerability with a CVSS score of 10.0 (HIGH). The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SW...
How severe is CVE-2002-0537?
CVE-2002-0537 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0537?
Check the references section above for vendor advisories and patch information. Affected products include: Stepweb Sws.