Lucene search

[email protected]CVE-2000-0850

HistoryNov 14, 2000 - 5:00 a.m.

CVE-2000-0850

2000-11-1405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

netegrity siteminder

cve-2000-0850

authentication bypass

remote attack

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending “$/FILENAME.ext” (where ext is .ccc, .class, or .jpg) to the requested URL.

CPENameOperatorVersion
netegrity:sitemindernetegrity sitemindereq4.0
netegrity:sitemindernetegrity sitemindereq3.6

CPE	Name	Operator	Version
netegrity:siteminder	netegrity siteminder	eq	4.0
netegrity:siteminder	netegrity siteminder	eq	3.6

References

www.atstake.com/research/advisories/2000/a091100-1.txt

www.securityfocus.com/bid/1681

exchange.xforce.ibmcloud.com/vulnerabilities/5230

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON