Lucene search

[email protected]CVE-2008-6739

HistoryApr 21, 2009 - 6:30 p.m.

CVE-2008-6739

2009-04-2118:30:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-6739

todd woolums asp

download management script

authentication bypass

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.

Affected configurations

NVD

Node

toddwoolumsasp_downloadMatch1.03

CPENameOperatorVersion
toddwoolums:asp_downloadtoddwoolums asp downloadeq1.03

CPE	Name	Operator	Version
toddwoolums:asp_download	toddwoolums asp download	eq	1.03

References

exchange.xforce.ibmcloud.com/vulnerabilities/42983

www.exploit-db.com/exploits/5780

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2008-6739

nvd1 cvelist1 prion1