CVE-2000-0720

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/1621	Exploit Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b%2418f8c1a0%24953b29d4%40e8s9s4
https://exchange.xforce.ibmcloud.com/vulnerabilities/5169

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05:::::::*
	cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05a:::::::*
	cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05b:::::::*
	cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.06:::::::*

History

No history.

Information

Published : 2000-10-20 04:00

Updated : 2023-11-07 01:55

NVD link : CVE-2000-0720

Mitre link : CVE-2000-0720

CVE.ORG link : CVE-2000-0720

JSON object : View

Products Affected

gwscripts

gwscripts_news_publisher

CWE

NVD-CWE-Other

{"id": "CVE-2000-0720", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-10-20T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/1621", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b%2418f8c1a0%24953b29d4%40e8s9s4", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5169", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program."}], "lastModified": "2023-11-07T01:55:23.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DF581D7-7607-43EA-A267-5F8B3785FFF3"}, {"criteria": "cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11FA1E31-1E21-414A-93F3-DB139DD8C9E2"}, {"criteria": "cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99B8B94-4BDD-4E63-8133-E9F4FC8C62BD"}, {"criteria": "cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756FAAEC-D6C7-4390-BC94-2BC554B19C15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}