CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0431

HIGH
7.5
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile42.22th
PublishedMay 22, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

Affected Platforms (CPE)

πŸ”Œ
Sun

Cobalt Raq 2

All versions
πŸ”Œ
Sun

Cobalt Raq 3i

All versions

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
πŸ”— http://www.osvdb.org/1346
πŸ”— http://www.securityfocus.com/bid/1238
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049%40HiWAAY.net
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
πŸ”— http://www.osvdb.org/1346
πŸ”— http://www.securityfocus.com/bid/1238
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049%40HiWAAY.net

Related Vulnerabilities

CVE-2002-136110.0

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute a...

CVE-1999-040810.0

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are acc...

CVE-2002-03487.5

service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long ...

CVE-2002-03467.5

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via J...