Lucene search

[email protected]CVE-2002-0776

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0776

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0776

hosting controller 2002

getuserdesc.asp

remote attack

password modification

privilege escalation

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the “UpdateUser” hot fix.

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq2002

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	2002

References

hostingcontroller.com/english/logs/sp2log.html

online.securityfocus.com/archive/1/282129

www.iss.net/security_center/static/9554.php

www.securityfocus.com/bid/5229

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2002-0776

cvelist1