ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
References
Link | Resource |
---|---|
http://online.securityfocus.com/archive/82/266705 | |
http://www.asp-nuke.com/news.asp?date=20020412&cat=11 | |
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt | |
http://www.iss.net/security_center/static/8833.php | Patch Vendor Advisory |
http://www.securityfocus.com/bid/4489 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-06-11T04:00:00
Updated: 2002-06-15T09:00:00
Reserved: 2002-06-07T00:00:00
Link: CVE-2002-0523
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2008-09-05T20:28:14.867
Link: CVE-2002-0523
JSON object: View
Redhat Information
No data.
CWE