PT-2002-1587 · Stepweb · Stepweb Search Engine

Publicado

2002-06-11

Atualizado

2008-09-05

CVE-2002-0537

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions StepWeb Search Engine (SWS) version 2.5

Description The issue concerns the storage of passwords in links to manager.pl within the admin.html file, allowing remote attackers who can access the admin.html file to gain administrative privileges to SWS.

Recommendations For SWS version 2.5, consider restricting access to the admin.html file and the manager.pl script to minimize the risk of exploitation. As a temporary workaround, avoid using the admin.html file until a secure method of password storage is implemented.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0537

Produtos afetados

Stepweb Search Engine

PT-2002-1587 · Stepweb · Stepweb Search Engine

CVE-2002-0537

Identificadores relacionados

Produtos afetados

Referências · 4