Vulnerability Details CVE-2002-0736
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.128
EPSS Ranking 93.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
- http://support.microsoft.com/support/kb/articles/q316/8/38.asp
- http://www.iss.net/security_center/static/8862.php
- http://www.securityfocus.com/bid/4528
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
- http://support.microsoft.com/support/kb/articles/q316/8/38.asp
- http://www.iss.net/security_center/static/8862.php
- http://www.securityfocus.com/bid/4528
Products affected by CVE-2002-0736
-
cpe:2.3:a:microsoft:backoffice:4.0
-
cpe:2.3:a:microsoft:backoffice:4.5