CVE-2000-0696
First published: Thu Sep 21 2000(Updated: )
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Solaris Answerbook2 | =1.4 | |
| Sun Solaris Answerbook2 | =1.4.1 | |
| Sun Solaris Answerbook2 | =1.4.2 | |
| Sun Solaris Answerbook2 | =1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-0696?
CVE-2000-0696 has a high severity due to the potential for unauthorized account creation.
How do I fix CVE-2000-0696?
To fix CVE-2000-0696, secure the administration interface by implementing proper authentication measures.
What versions of Solaris AnswerBook2 are affected by CVE-2000-0696?
CVE-2000-0696 affects Solaris AnswerBook2 versions 1.3, 1.4, 1.4.1, and 1.4.2.
Can CVE-2000-0696 be exploited remotely?
Yes, CVE-2000-0696 can be exploited remotely as it allows attackers to access the admin CGI script without proper authentication.
What consequence can result from CVE-2000-0696 exploitation?
Exploitation of CVE-2000-0696 can lead to unauthorized user account creation, compromising the system's security.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/sun
- canonical/sun solaris answerbook2
- version/sun solaris answerbook2/1.4
- version/sun solaris answerbook2/1.4.1
- version/sun solaris answerbook2/1.4.2
- version/sun solaris answerbook2/1.3