CVE-2000-0696

Currently unrated

Key Information:

Vendor: Oracle
Status: Solaris Answerbook2
Vendor: CVE Published:; 20 October 2000

Summary

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

References

http://www.s21sec.com/en/avisos/s21sec-004-en.txt

x_refsource_MISC

http://www.securityfocus.com/bid/1554

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/sun/2000-q3/0001.html

vendor-advisoryx_refsource_SUN

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000