Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-1257 | First vendor Publication | 2006-03-18 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1257 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24121 | Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass Commerce Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the sample files within the "AuthFiles" directory which can be exploited to bypass authentication and logon as a valid user without knowing the password. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-04-10 | Name : The remote web application may be vulnerable to an authentication bypass attack. File : commerceserver2002_auth_bypass.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:03:48 |
|
2021-04-22 01:04:21 |
|
2020-05-23 00:17:31 |
|
2018-10-18 21:20:01 |
|
2017-07-20 09:23:26 |
|
2016-06-28 15:40:21 |
|
2014-02-17 10:35:03 |
|
2013-05-11 10:51:41 |
|