Vulnerability Name: | CCN-8069 | ||||||
Published: | 2002-01-29 | ||||||
Updated: | 2002-01-29 | ||||||
Summary: | The "cphost.dll" module installed with Microsoft Site Server version 3.0 up to SP4 running on Windows NT 4.0 could allow a remote attacker to traverse directories on the Web server. A remote attacker could traverse directories and upload Active Server Pages (ASP files) containing malicious code to the /Sites/Publishing directory where it would be executed by the Site Server. An attacker can use this vulnerability to gain access to the system, database, or gain elevated privileges. | ||||||
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Privileges | ||||||
References: | Source: CCN Type: rain forest puppy advisory RFP2201 MS Site Server Evilness Source: CCN Type: BID-4004 Microsoft Site Server 3.0 Arbitrary ASP Code Execution Vulnerability Source: XF Type: UNKNOWN siteserver-post-directory-traversal(8069) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |