CVE-2006-1257

3 documents3 sources

Severity

7.5HIGH

EPSS

42.3%

top 2.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Commerce Server

Timeline

PublishedMar 19

Latest updateMay 1

Description

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/commerce_server2002

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-j7hg-4m8w-qjr3: The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in↗2022-05-01

▶

CVEList

CVE-2006-1257: The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in↗2006-03-19

▶