| Vulnerability Name: | CVE-2002-0430 (CCN-8395) | ||||||||
| Assigned: | 2002-03-02 | ||||||||
| Published: | 2002-03-02 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php. | ||||||||
| CVSS v3 Severity: | 4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: CCN Type: Digit-Labs Advisory 02-Mar-2002 Combined (Remote/Local root) Cobalt XTR vulnerabilities Source: BUGTRAQ Type: Exploit, Vendor Advisory 20020308 Remote Cobalt Raq XTR vulns Source: CCN Type: BugTraq Mailing List, Fri Mar 08 2002 - 12:32:38 CST Remote Cobalt Raq XTR vulns Source: MITRE Type: CNA CVE-2002-0430 Source: CCN Type: Cobalt Web site Sun Cobalt - Sun Cobalt RaQ XTR Server Appliances Source: CCN Type: OSVDB ID: 13161 Sun Cobalt RaQ XTR MultiFileUploadHandler.php Arbitrary File Overwrite Source: BID Type: UNKNOWN 4252 Source: CCN Type: BID-4252 Cobalt RaQ XTR MultiFileUpload.php Authentication Bypass Vulnerability Source: XF Type: UNKNOWN cobalt-multifileupload-bypass-auth(8395) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||