Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-1145 | First vendor Publication | 2002-10-28 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1145 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-58 | Restful Privilege Elevation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10127 | Microsoft SQL Server xp_runwebtask Procedure Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-01-25 | Name : The remote database server is affected by multiple buffer overflows. File : mssql_litchfield_overflows.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:02:04 |
|
2024-02-01 12:01:22 |
|
2023-09-05 12:01:58 |
|
2023-09-05 01:01:13 |
|
2023-09-02 12:01:59 |
|
2023-09-02 01:01:14 |
|
2023-08-12 12:02:22 |
|
2023-08-12 01:01:14 |
|
2023-08-11 12:02:04 |
|
2023-08-11 01:01:15 |
|
2023-08-06 12:01:54 |
|
2023-08-06 01:01:15 |
|
2023-08-04 12:01:58 |
|
2023-08-04 01:01:15 |
|
2023-07-14 12:01:56 |
|
2023-07-14 01:01:15 |
|
2023-03-29 01:01:55 |
|
2023-03-28 12:01:20 |
|
2022-10-11 12:01:44 |
|
2022-10-11 01:01:07 |
|
2021-05-04 12:01:45 |
|
2021-04-22 01:01:53 |
|
2020-05-23 00:15:05 |
|
2018-10-13 00:22:26 |
|
2016-10-18 12:01:03 |
|
2014-02-17 10:25:06 |
|
2013-05-11 12:11:58 |
|