Abyss Web Server Administration Console Authentication Bypass

2002-08-22T00:00:00
ID OSVDB:3375
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2002-08-22T00:00:00

Description

Vulnerability Description

Abyss Web Server contains a flaw that may allow a malicious user to gain access to the Administrative Console. The issue is triggered when because of a lack of authentication in the web server's configuration directory. It is possible that the flaw may allow an attacker to administer the server resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Aprelium has released a patch to address this vulnerability.

Short Description

Abyss Web Server contains a flaw that may allow a malicious user to gain access to the Administrative Console. The issue is triggered when because of a lack of authentication in the web server's configuration directory. It is possible that the flaw may allow an attacker to administer the server resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor URL: http://www.aprelium.com Vendor Specific Solution URL: http://www.aprelium.com/news/patch1033.html Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html Other Advisory URL: http://aluigi.altervista.org/adv/abyss-adv.txt ISS X-Force ID: 9957 CVE-2002-1080 Bugtraq ID: 5548