Vulnerability Details CVE-2000-0850
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.atstake.com/research/advisories/2000/a091100-1.txt
- http://www.securityfocus.com/bid/1681
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5230
- http://www.atstake.com/research/advisories/2000/a091100-1.txt
- http://www.securityfocus.com/bid/1681
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5230
Products affected by CVE-2000-0850
-
cpe:2.3:a:netegrity:siteminder:3.6
-
cpe:2.3:a:netegrity:siteminder:4.0