Vulnerability Description
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cgiscript.Net | Cspassword | 1.0 |
References
- http://online.securityfocus.com/archive/1/274727
- http://www.iss.net/security_center/static/9220.phpVendor Advisory
- http://www.securityfocus.com/bid/4885PatchVendor Advisory
- http://online.securityfocus.com/archive/1/274727
- http://www.iss.net/security_center/static/9220.phpVendor Advisory
- http://www.securityfocus.com/bid/4885PatchVendor Advisory
FAQ
What is CVE-2002-0917?
CVE-2002-0917 is a vulnerability with a CVSS score of 7.5 (HIGH). CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
How severe is CVE-2002-0917?
CVE-2002-0917 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0917?
Check the references section above for vendor advisories and patch information. Affected products include: Cgiscript.Net Cspassword.