BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access

high Nessus Plugin ID 11641

Synopsis

The web server is affected by an authentication bypass vulnerability.

Description

The remote host is running a version of the BadBlue web server earlier than 2.3. Such versions are reportedly affected by an authentication bypass vulnerability. A flaw in the order in which security checks are performed could allow an attacker to gain administrative access to the application.

Solution

Upgrade to BadBlue v2.3 or newer, as this reportedly fixes the issue.

See Also

https://seclists.org/bugtraq/2003/Apr/251

Plugin Details

Severity: High

ID: 11641

File Name: badblue_remote_administrative_access2.nasl

Version: 1.14

Type: remote

Family: Web Servers

Published: 5/20/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C