Vulnerability Details CVE-2002-0736
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.159
EPSS Ranking 94.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
- http://support.microsoft.com/support/kb/articles/q316/8/38.asp
- http://www.iss.net/security_center/static/8862.php
- http://www.securityfocus.com/bid/4528
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
- http://support.microsoft.com/support/kb/articles/q316/8/38.asp
- http://www.iss.net/security_center/static/8862.php
- http://www.securityfocus.com/bid/4528
Products affected by CVE-2002-0736
-
cpe:2.3:a:microsoft:backoffice:4.0
-
cpe:2.3:a:microsoft:backoffice:4.5