CVE-2002-0736

Опубликовано: 12 авг. 2002

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Patch
Vendor Advisory
http://www.iss.net/security_center/static/8862.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/4528
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Patch
Vendor Advisory
http://www.iss.net/security_center/static/8862.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/4528
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:backoffice:4.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:backoffice:4.5:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12377

Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jh75-frg8-52h3

github

почти 4 года назад