Vulnerability Description
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hosting Controller | Hosting Controller | 2002 |
References
- http://hostingcontroller.com/english/logs/sp2log.htmlPatchVendor Advisory
- http://online.securityfocus.com/archive/1/282129ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/9554.php
- http://www.securityfocus.com/bid/5229
- http://hostingcontroller.com/english/logs/sp2log.htmlPatchVendor Advisory
- http://online.securityfocus.com/archive/1/282129ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/9554.php
- http://www.securityfocus.com/bid/5229
FAQ
What is CVE-2002-0776?
CVE-2002-0776 is a vulnerability with a CVSS score of 7.5 (HIGH). getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" ...
How severe is CVE-2002-0776?
CVE-2002-0776 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0776?
Check the references section above for vendor advisories and patch information. Affected products include: Hosting Controller Hosting Controller.