Lucene search

[email protected]CVE-2002-0776

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0776

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0776

hosting controller 2002

getuserdesc.asp

remote attack

password modification

privilege escalation

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the “UpdateUser” hot fix.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerMatch2002

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq2002

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	2002

References

hostingcontroller.com/english/logs/sp2log.html

online.securityfocus.com/archive/1/282129

www.iss.net/security_center/static/9554.php

www.securityfocus.com/bid/5229

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2002-0776

cvelist1 nvd1