Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2003-0332
HistoryJun 09, 2003 - 4:00 a.m.

CVE-2003-0332

2003-06-0904:00:00
[email protected]
web.nvd.nist.gov
1

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

68.3%

JSON

The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.

Affected configurations

Nvd
Node
working_resources_inc.badblueRange2.2
VendorProductVersionCPE
working_resources_inc.badblue*cpe:2.3:a:working_resources_inc.:badblue:*:*:*:*:*:*:*:*

Related

exploitdb 1
cvelist 1
nessus 1
cve 1
exploitdb
exploitdb
Working Resources BadBlue 1.7.x/2.x - Unauthorized HTS Access
2003-05-20 00:00:00
cvelist
cvelist
CVE-2003-0332
2003-05-22 04:00:00
nessus
nessus
BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass
2003-04-27 00:00:00
cve
cve
CVE-2003-0332
2003-06-09 04:00:00

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

68.3%

JSON
Related for NVD:CVE-2003-0332
exploitdb1cvelist1nessus1cve1