CVE-2003-0332

{"id": "CVE-2003-0332", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-06-09T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105346382524169&w=2", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension."}, {"lang": "es", "value": "La extendis\u00f3n ISAPI en BadBlue 1.7 hasta 2.2, y posiblemente versiones anteriores, modifica las dos primeras letras de la extensi\u00f3n de un archivo despu\u00e9s de realizar comprobaciones de seguridad, lo que permite que atacantes remotos pasen la autentificaci\u00f3n mediante un fichero .ats en lugar de uno .hts."}], "lastModified": "2016-10-18T02:32:36.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:working_resources_inc.:badblue:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E20AAA6A-F743-4CAE-938F-F10C137B9CB0", "versionEndIncluding": "2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}