BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.


Synopsis :

The web server is affected by an authentication bypass vulnerability.

Description :

The remote host is running a version of the BadBlue web server earlier
than 2.3. Such versions are reportedly affected by an authentication
bypass vulnerability. A flaw in the order in which security checks are
performed could allow an attacker to gain administrative access to the
application.

See also :

http://archives.neohapsis.com/archives/bugtraq/2003-04/0247.html

Solution :

Upgrade to BadBlue 2.3 or newer, as this reportedly fixes the issue.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

Family: Web Servers

Nessus Plugin ID: 11641 (badblue_remote_administrative_access2.nasl)

Bugtraq ID:

CVE ID: