CyberSec.Space Logo
返回 CVE 浏览器

CVE-2000-0696

HIGH
7.5
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile2.04th
Published2000年10月20日
Last Modified2026年4月16日

Vulnerability Description

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

Affected Platforms (CPE)

📦
Sun

Solaris Answerbook2

= 1.3
📦
Sun

Solaris Answerbook2

= 1.4
📦
Sun

Solaris Answerbook2

= 1.4.1
📦
Sun

Solaris Answerbook2

= 1.4.2

References & Advisories

🔗 http://archives.neohapsis.com/archives/sun/2000-q3/0001.html
🔗 http://seclists.org/bugtraq/2000/Aug/0105.html
🔗 http://www.s21sec.com/en/avisos/s21sec-004-en.txt
🔗 http://www.securityfocus.com/bid/1554
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5069
🔗 http://archives.neohapsis.com/archives/sun/2000-q3/0001.html
🔗 http://seclists.org/bugtraq/2000/Aug/0105.html
🔗 http://www.s21sec.com/en/avisos/s21sec-004-en.txt

相关漏洞威胁

CVE-2000-069710.0

The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands...

CVE-2005-05484.3

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject ...

CVE-2005-05494.3

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject ...

CVE-2000-008110.0

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by usin...