Lucene search

[email protected]CVE-2008-4301

HistorySep 29, 2008 - 5:17 p.m.

CVE-2008-4301

2008-09-2917:17:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

1632

cve-2008-4301

iis

activex control

remote attackers

password setting

security vulnerability

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.2%

JSON

A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous

CPENameOperatorVersion
microsoft:internet_information_servicesmicrosoft internet information serviceseq-

CPE	Name	Operator	Version
microsoft:internet_information_services	microsoft internet information services	eq	-

References

www.attrition.org/pipermail/vim/2008-October/002081.html

www.securityfocus.com/archive/1/496694/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/45587

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2008-4301

prion1