BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.

Synopsis :

The web server is affected by an authentication bypass vulnerability.

Description :

The remote host is running BadBlue web server earlier then 2.3. Such
versions are reportedly affected by an authentication bypass
vulnerability. A flaw in the order that security checks are performed
could allow an attacker to gain administrative access to the

See also :

Solution :

Upgrade to BadBlue v 2.3 or newer as this reportedly fixes the issue.

Risk factor :

High / CVSS Base Score : 7.6

Family: Web Servers

Nessus Plugin ID: 11641 (badblue_remote_administrative_access2.nasl)

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial