Lucene search

[email protected]CVE-2002-0066

HistoryApr 22, 2002 - 4:00 a.m.

CVE-2002-0066

2002-04-2204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0066

funk software

proxy host

named pipe

authentication

access control

privilege gain.

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host’s configuration utilities and gain privileges.

CPENameOperatorVersion
funk_software:funk_software_proxyfunk software funk software proxyeq3.0
bindview:netrcbindview netrceq1.0
funk_software:funk_software_proxyfunk software funk software proxyeq3.09
funk_software:funk_software_proxyfunk software funk software proxyeq3.06
bindview:netrcbindview netrceq3.06

CPE	Name	Operator	Version
funk_software:funk_software_proxy	funk software funk software proxy	eq	3.0
bindview:netrc	bindview netrc	eq	1.0
funk_software:funk_software_proxy	funk software funk software proxy	eq	3.09
funk_software:funk_software_proxy	funk software funk software proxy	eq	3.06
bindview:netrc	bindview netrc	eq	3.06

References

razor.bindview.com/publish/advisories/adv_FunkProxy.html

www.iss.net/security_center/static/8793.php

www.securityfocus.com/bid/4460

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for CVE-2002-0066

securityvulns1