CVE-2002-2170

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2170
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
working_resources_inc. / badblue	enterprise_1.7	enterprise_1.7.x
working_resources_inc. / badblue	enterprise_1.7.3	enterprise_1.7.3.x
working_resources_inc. / badblue	enterprise_1.7.2	enterprise_1.7.2.x
working_resources_inc. / badblue	enterprise_1.7.4	enterprise_1.7.4.x

http://online.securityfocus.com/archive/1/283418
http://www.iss.net/security_center/static/9642.php
http://www.securityfocus.com/bid/5276

Vulnerability Database

289,697

CVE-2002-2170