Authentication Flaw in SolarWinds dwhttpd Web Server Administration Interface
CVE-2000-0696

Currently unrated

Key Information:

Vendor: Oracle
Status: Solaris Answerbook2
Vendor: CVE Published:; 20 October 2000

What is CVE-2000-0696?

The dwhttpd web server in Solaris AnswerBook2 is susceptible to an authentication vulnerability. This flaw allows remote attackers to exploit improperly authenticated requests made to its associated CGI scripts. By directly invoking the admin CGI script, an attacker can create and manage user accounts without proper authorization, thus compromising the system's integrity and security.

References

http://www.s21sec.com/en/avisos/s21sec-004-en.txt

x_refsource_MISC

http://www.securityfocus.com/bid/1554

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/sun/2000-q3/0001.html

vendor-advisoryx_refsource_SUN

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000

Oracle

What is CVE-2000-0696?

References

EPSS Score

Timeline