ID CVE-2002-0007 Type cve Reporter NVD Modified 2017-10-09T21:30:03
Description
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
{"id": "CVE-2002-0007", "bulletinFamily": "NVD", "title": "CVE-2002-0007", "description": "CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.", "published": "2002-01-31T00:00:00", "modified": "2017-10-09T21:30:03", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0007", "reporter": "NVD", "references": ["http://www.bugzilla.org/security2_14_1.html", "http://rhn.redhat.com/errata/RHSA-2002-001.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/7812", "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html", "http://bugzilla.mozilla.org/show_bug.cgi?id=54901", "http://www.securityfocus.com/bid/3792"], "cvelist": ["CVE-2002-0007"], "type": "cve", "lastseen": "2017-10-10T10:34:47", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:mozilla:bugzilla:2.14.1"], "cvelist": ["CVE-2002-0007"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.", "edition": 1, "enchantments": {}, "hash": "bc1c9c9bdfb27f6a9e5d60443d1e7d195b8cc9f6784685d2803e9ea91ef38e85", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "fed54643f75004041a8c030c376efbc1", "key": "references"}, {"hash": "b0b8cda3fadbb4917b5f5b8304340a5d", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "9b6403a1d8113ee7ae3b4573e6a45725", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "93622fc0865ee88a1f26596e9c935eb5", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b44d457e7e3d94e0d52e3f48f024da14", "key": "description"}, {"hash": "4cc37aaf730653f51c02610ad5213595", "key": "modified"}, {"hash": "1a677248c72058bc6c1a673c690b0cf2", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "963a69a911d1d1f73d6dd13ae9849949", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0007", "id": "CVE-2002-0007", "lastseen": "2016-09-03T03:15:36", "modified": "2008-09-10T15:11:02", "objectVersion": "1.2", "published": "2002-01-31T00:00:00", "references": ["http://www.bugzilla.org/security2_14_1.html", "http://rhn.redhat.com/errata/RHSA-2002-001.html", "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html", "http://bugzilla.mozilla.org/show_bug.cgi?id=54901", "http://www.securityfocus.com/bid/3792", "http://xforce.iss.net/xforce/xfdb/7812"], "reporter": "NVD", "scanner": [], "title": "CVE-2002-0007", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:15:36"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9b6403a1d8113ee7ae3b4573e6a45725"}, {"key": "cvelist", "hash": "1a677248c72058bc6c1a673c690b0cf2"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "b44d457e7e3d94e0d52e3f48f024da14"}, {"key": "href", "hash": "963a69a911d1d1f73d6dd13ae9849949"}, {"key": "modified", "hash": "74eaebf6a1b1d7e366697d544709dbd3"}, {"key": "published", "hash": "b0b8cda3fadbb4917b5f5b8304340a5d"}, {"key": "references", "hash": "cf28235ff14ab0b011e3712fc58300b9"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "93622fc0865ee88a1f26596e9c935eb5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4e77d9bd002022c9034142a307bdf85bbe926a12fb70e6a59331ba51fd887030", "viewCount": 0, "enchantments": {"vulnersScore": 5.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:mozilla:bugzilla:2.14.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:5422", "type": "osvdb", "title": "Bugzilla CGI.pl Null Password LDAP Session", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=54901)\n[Vendor Specific Advisory URL](http://www.bugzilla.org/security/2.14.1/)\nISS X-Force ID: 7812\n[CVE-2002-0007](https://vulners.com/cve/CVE-2002-0007)\nBugtraq ID: 3792\n", "published": "2004-04-08T23:12:35", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:5422", "cvelist": ["CVE-2002-0007"], "lastseen": "2017-04-28T13:20:00"}]}}
