CVE-2000-0431

Cobalt RaQ2 and RaQ3 - Unauthenticated Arbitrary File Write via FrontPage Upload

Title source: llm
STIX 2.1

Description

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049%40HiWAAY.net
Third Party Advisory x_refsource_confirm
http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1346
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1238

Scores

EPSS 0.0037
EPSS Percentile 58.9%

Details

Status published
Products (2)
sun/cobalt_raq_2
sun/cobalt_raq_3i
Published May 22, 2000
Tracked Since Feb 18, 2026