Family: CGI abuses --> Category: infos
Commerce Server 2002 Authentication Bypass Vulnerability Scan
Vulnerability Scan Summary: Checks version of Commerce Server 2002
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web application may be vulnerable to an authentication
bypass vulnerability.
Description :
The version of Microsoft Commerce Server 2002 installed on the remote
host may allow an attacker to bypass authentication if the sample
files from the 'AuthFiles' folder are installed under the web server's
document root.
Note that successful exploitation of this issue requires knowledge of
the location of the sample files as well as a valid user name.
See also :
http://www.securityfocus.com/archive/1/archive/1/427974/100/0/threaded
http://www.nessus.org/u?8f31fa25
Solution :
Apply Commerce Server 2002 Service Pack 2 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)