Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Commerce Server 2002 Authentication Bypass Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks version of Commerce Server 2002

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web application may be vulnerable to an authentication
bypass vulnerability.

Description :

The version of Microsoft Commerce Server 2002 installed on the remote
host may enable a possible hacker to bypass authentication if the sample
files from the 'AuthFiles' folder are installed under the web server's
document root.

Note that successful exploitation of this issue requires knowledge of
the location of the sample files as well as a valid user name.

See also :

http://www.securityfocus.com/archive/1/archive/1/427974/100/0/threaded
http://www.nessus.org/u?8f31fa25

Solution :

Apply Commerce Server 2002 Service Pack 2 or later.

Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.