Vulnerability Details CVE-2010-0550
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.6%
CVSS Severity
CVSS v2 Score 4.0
References
- http://osvdb.org/62013
- http://secunia.com/advisories/38323
- http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication
- http://www.securityfocus.com/archive/1/509199/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55976
- http://osvdb.org/62013
- http://secunia.com/advisories/38323
- http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication
- http://www.securityfocus.com/archive/1/509199/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55976
Products affected by CVE-2010-0550
-
cpe:2.3:a:geopp:geo++_gncaster:*
-
cpe:2.3:a:geopp:geo++_gncaster:1.4.0.0