发布时间 :2003-06-09 00:00:00
修订时间 :2016-10-17 22:32:36

[原文]The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.

[CNNVD]BadBlue ISAPI extension绕过认证漏洞(CNNVD-200306-040)

        从BadBlue 1.7到 2.2版本,和可能之前版本的ISAPI extension执行安全检查后修改文件扩展名首两个字母。远程攻击者借助具有.ats扩展名而不是.hts扩展名绕过认证。

- CVSS (基础分值)

CVSS分值: 7.6 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  VULNWATCH  20030520 BadBlue Remote Administrative Interface Access Vulnerability
(UNKNOWN)  BUGTRAQ  20030520 BadBlue Remote Administrative Interface Access Vulnerability

- 漏洞信息

BadBlue ISAPI extension绕过认证漏洞
高危 未知
2003-06-09 00:00:00 2006-08-23 00:00:00
        从BadBlue 1.7到 2.2版本,和可能之前版本的ISAPI extension执行安全检查后修改文件扩展名首两个字母。远程攻击者借助具有.ats扩展名而不是.hts扩展名绕过认证。

- 公告与补丁


- 漏洞信息 (22620)

Working Resources BadBlue 1.7.x/2.x Unauthorized HTS Access Vulnerability (EDBID:22620)
windows remote
2003-05-20 Verified
0 mattmurphy
N/A [点击下载]

BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access to administrative functions.

It is possible to bypass BadBlue security checks when '.hts' files are requested by a remote user. BadBlue restricts access to non-HTML files by replacing the first two letters in the file extension of a requested resource with 'ht'. If the third character of a file extension is 's', then it is possible to trick BadBlue into serving a non-HTML file with an extension of '.hts'. This will bypass other security checks which would normally prevent BadBlue from serving these files to remote users.

This example will reveal the contents of the server's primary volume. 		

- 漏洞信息

BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass
Remote / Network Access Authentication Management
Loss of Integrity Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2003-05-20 Unknow
2003-05-20 Unknow

- 解决方案

Upgrade to version 2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete