PT-2007-7333 · Hosting Controller · Hosting Controller
Publicado
2007-12-20
·
Atualizado
2018-10-15
·
CVE-2007-6499
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Hosting Controller versions 6.1 Hot fix 3.3 and earlier
Description
The issue allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account. This can be achieved by sending a request to the "fp2002/UNINSTAL.asp" endpoint with a specific
host id (IIS) value.Recommendations
For Hosting Controller versions 6.1 Hot fix 3.3 and earlier, as a temporary workaround, consider restricting access to the "fp2002/UNINSTAL.asp" endpoint to prevent unauthorized uninstallation of FrontPage extensions. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hosting Controller