7.5
CVE-2006-1257
- EPSS 30.07%
- Veröffentlicht 19.03.2006 01:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Commerce Server Version2002
Microsoft ≫ Commerce Server Version2002 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 30.07% | 0.98 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_se_securityconcepts_cbgw.asp
http://securityreason.com/securityalert/594
http://www.osvdb.org/24121
http://www.securityfocus.com/archive/1/427974/100/0/threaded
http://www.securityfocus.com/bid/17134
https://exchange.xforce.ibmcloud.com/vulnerabilities/25330