CVE-2002-0430 : MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authenticatio

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

Published 2002-08-12 04:00:00

Updated 2008-09-10 19:12:01

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-0430

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0430

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P	1.9	6.4	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2002-0430

http://www.securityfocus.com/bid/4252
http://archives.neohapsis.com/archives/bugtraq/2002-03/0081.html

Exploit;Vendor Advisory

Products affected by CVE-2002-0430

SUN » Cobalt Raq 2
cpe:2.3:h:sun:cobalt_raq_2:*:*:*:*:*:*:*:*
Matching versions
SUN » Cobalt Raq 3i
cpe:2.3:h:sun:cobalt_raq_3i:*:*:*:*:*:*:*:*
Matching versions
SUN » Cobalt Raq 4
cpe:2.3:h:sun:cobalt_raq_4:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0430

Exploit prediction scoring system (EPSS) score for CVE-2002-0430

CVSS scores for CVE-2002-0430

References for CVE-2002-0430

Products affected by CVE-2002-0430