PT-1998-1142 · Excite · Excite For Web Servers

Published 1998-11-30 · Updated 2016-10-18 · CVE-1999-1072

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Excite for Web Servers (EWS) version 1.1

Description

The issue allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to the "AT-generated.cgi" or "AT-admin.cgi" endpoints, using the password variable.

Recommendations

For Excite for Web Servers (EWS) version 1.1, consider restricting access to the Architext.conf file to prevent local users from obtaining the encrypted password, and limit access to the "AT-generated.cgi" and "AT-admin.cgi" endpoints to minimize the risk of exploitation.
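
One way to check the file-permission part of the recommendation, as an added example that is not part of the original advisory or of EWS. The function names and the ROOT argument (the directory tree that holds the EWS installation) are assumptions, as is the premise that the CGI programs read the file as its owner or group.

```shell
#!/bin/sh
# Added example: find Architext.conf files that any local user can read,
# and optionally remove access for "other".

# World-readable means the "other" read bit (octal 004) is set.
list_exposed() {
    find "$1" -type f -name 'Architext.conf' -perm -004 -print
}

# Number of world-readable Architext.conf files under ROOT.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# audit_architext ROOT [--fix]
# Returns 0 when no world-readable Architext.conf remains under ROOT,
# 1 when at least one is still exposed, 2 on a bad ROOT.
audit_architext() {
    root=$1
    mode=${2:-report}
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    list_exposed "$root" | while IFS= read -r f; do
        echo "EXPOSED: $(ls -l "$f")"
        if [ "$mode" = "--fix" ]; then
            # Assumption: EWS reads the file as its owner or group, so
            # dropping every "other" permission does not break the CGIs.
            chmod o-rwx "$f" && echo "FIXED:   $f"
        fi
    done
    # Re-scan so the exit status reflects the state after any fix.
    [ "$(count_exposed "$root")" -eq 0 ]
}
```

Run `audit_architext ROOT` to report only, or `audit_architext ROOT --fix` to tighten the mode. The password value already stored in the file should be treated as disclosed if the file was readable.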


Related identifiers

CVE-1999-1072

Affected products

Excite For Web Servers