BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass

high Nessus Plugin ID 11554

Language:

Synopsis

The remote web server is affected by an authentication bypass vulnerability.

Description

The remote host is running the BadBlue web server earlier than 2.2.
Such versions are reportedly affected by an authentication bypass vulnerability. It is possible for an attacker to gain administrative access using a filename with a .ats extension instead of a .hts extension.

Solution

Upgrade to BadBlue v 2.2 or newer as this reportedly fixes the issue.

See Also

https://seclists.org/vulnwatch/2003/q2/77

Plugin Details

Severity: High

ID: 11554

File Name: badblue_remote_administrative_access.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 4/27/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/20/2003

Exploitable With

Metasploit (BadBlue 2.5 EXT.dll Buffer Overflow)

Reference Information

CVE: CVE-2003-0332

BID: 7387