J-Security Center

Title: Solaris AnswerBook2 Administration Interface Access Vulnerability

Severity: HIGH

Description:

Certain scripts within the administration interface of AnswerBook2 for Solaris, versions 1.4.4 and prior, lack authentication checks, which allows remote users to create administration accounts. By directly accessing the /cgi-bin/admin/admin script served by the AnswerBook2 dwhttpd web server, a remote user can add users to the administration interface. This allows the attacker to read log files and manage content.
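
One way to check a server's access log for requests that reached this script without authentication, as an added example that is not part of the original advisory or of any vendor tooling. It assumes the web server writes NCSA Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

ADMIN_SCRIPT = "/cgi-bin/admin/admin"  # path named in the advisory

# Assumption: access log is in NCSA Common Log Format.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def normalized_path(target):
    """Drop the query string, percent-decode, and collapse '//', '.' and
    '..' so padded or encoded spellings of a path compare equal."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def unauthenticated_admin_hits(lines):
    """Return (host, timestamp, status) for requests to the admin script
    logged with no authenticated user and not refused by the server."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalized_path(m["target"]) != ADMIN_SCRIPT:
            continue
        status = int(m["status"])
        # "-" in the user field: no credentials were presented or accepted.
        # 401/403: the server refused the request, so nothing was served.
        if m["user"] == "-" and status not in (401, 403):
            hits.append((m["host"], m["ts"], status))
    return hits

# Constructed sample lines (documentation-range addresses, made-up times).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2000:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 5120',
    '192.0.2.20 admin [12/Aug/2000:10:03:40 +0000] "GET /cgi-bin/admin/admin HTTP/1.0" 200 2048',
    '198.51.100.7 - - [12/Aug/2000:10:05:00 +0000] "GET /cgi-bin/admin/admin HTTP/1.0" 200 2048',
    '198.51.100.7 - - [12/Aug/2000:10:05:09 +0000] "GET /cgi-bin//admin/%61dmin?x=1 HTTP/1.0" 200 2048',
    '203.0.113.5 - - [12/Aug/2000:10:06:30 +0000] "GET /cgi-bin/admin/admin HTTP/1.0" 401 312',
]

if __name__ == "__main__":
    for host, ts, status in unauthenticated_admin_hits(SAMPLE_LOG):
        print(f"{ts}  {host}  status={status}  unauthenticated request to {ADMIN_SCRIPT}")
```

Any hit on an affected version is worth following up by reviewing the list of administration accounts for entries nobody recognises.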

Affected Products:

  • Sun AnswerBook2 1.3.0
  • Sun AnswerBook2 1.4.0
  • Sun AnswerBook2 1.4.1
  • Sun AnswerBook2 1.4.2
  • Sun AnswerBook2 1.4.3
  • Sun AnswerBook2 1.4.4
