← CVECheck
HomeVulnerabilities

CVE-2003-0332 — HIGH severity vulnerability (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly)

The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.

CVE IDCVE-2003-0332
SeverityHIGH
CVSS score7.6
CVSS vectorAV:N/AC:H/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2003-06-09
Last modified2026-04-16
DescriptionThe ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →