CVE-2000-0696

Solaris AnswerBook2 - Auth Bypass

Title source: llm

Description

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Lluis Mora · textremotesolaris

https://www.exploit-db.com/exploits/20144

View Code ZIP pw:eip

References (5)

Core 5

Core References

Various Sources x_refsource_misc

http://www.s21sec.com/en/avisos/s21sec-004-en.txt

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1554

Patch, Vendor Advisory vendor-advisory x_refsource_sun

http://archives.neohapsis.com/archives/sun/2000-q3/0001.html

Mailing List mailing-list x_refsource_bugtraq

http://seclists.org/bugtraq/2000/Aug/0105.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5069

Scores

EPSS 0.0906

EPSS Percentile 92.7%

Details

Status published

Products (4)

sun/solaris_answerbook2 1.3

sun/solaris_answerbook2 1.4

sun/solaris_answerbook2 1.4.1

sun/solaris_answerbook2 1.4.2

Published Oct 20, 2000

Tracked Since Feb 18, 2026