CVE-2003-0332 — HIGH severity vulnerability (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly)
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
| CVE ID | CVE-2003-0332 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.6 |
| CVSS vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2003-06-09 |
| Last modified | 2026-04-16 |
| Description | The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →