Lucene search

MitreCVE-2003-0589

HistoryOct 17, 2016 - 4:00 a.m.

CVE-2003-0589

2016-10-1704:00:00

mitre

web.nvd.nist.gov

cve-2003-0589

remote attackers

bypass authentication

improper condition

admin.php

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.006

Percentile

78.7%

JSON

admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.

Affected configurations

Nvd

Node

digi-fxdigi-newsMatch1.1

VendorProductVersionCPE
digi-fxdigi-news1.1cpe:2.3:a:digi-fx:digi-news:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
digi-fx	digi-news	1.1	cpe:2.3:a:digi-fx:digi-news:1.1:::::::*

References

marc.info/?l=bugtraq&m=105839007002993&w=2

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.006

Percentile

78.7%

JSON

Related for CVE-2003-0589