Lucene search

[email protected]CVE-2000-0688

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0688

2000-10-2004:00:00

[email protected]

web.nvd.nist.gov

cybersecurity

cve-2000-0688

weak password authentication

remote attack

subscribe me lite

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.0%

JSON

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

Affected configurations

NVD

Node

cgi_script_centersubscribe_me_liteMatch2.0

CPENameOperatorVersion
cgi_script_center:subscribe_me_litecgi script center subscribe me liteeq2.0

CPE	Name	Operator	Version
cgi_script_center:subscribe_me_lite	cgi script center subscribe me lite	eq	2.0

References

archives.neohapsis.com/archives/bugtraq/2000-08/0292.html

marc.info/?l=bugtraq&m=96722957421029&w=2

www.cgiscriptcenter.com/subscribe/

www.securityfocus.com/bid/1607

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2000-0688

cvelist1 nvd1