Detections
Analytics
BadBlue < 2.3 ISAPI Extension Administrative Actions Bypass
high Nessus Network Monitor Plugin ID 1500
Synopsis
The remote host is running the BadBlue web server.Description
The remote host is running the BadBlue web server. There is a flaw in the version used that may allow attackers to gain administrative privileges on this host without having to log in.Solution
Upgrade to BadBlue 2.3 or higher.See Also
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html
Plugin Details
Severity: High
ID: 1500
Family: Web Servers
Published: 8/18/2004
Updated: 3/6/2019
Nessus ID: 11554
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 6.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Exploitable With
Metasploit (BadBlue 2.5 EXT.dll Buffer Overflow)
Reference Information
CVE: CVE-2003-0332
BID: 7387