Lucene search

[email protected]CVE-2002-0097

HistoryMar 25, 2002 - 5:00 a.m.

CVE-2002-0097

2002-03-2505:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

geeklog 1.3

uid

remote attack

account hijacking

administrator account

cookie modification

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user’s permanent cookie to the target account.

CPENameOperatorVersion
geeklog:geekloggeeklogeq1.3

CPE	Name	Operator	Version
geeklog:geeklog	geeklog	eq	1.3

References

geeklog.sourceforge.net/index.php?topic=Security

online.securityfocus.com/archive/1/249443

www.iss.net/security_center/static/7869.php

www.securityfocus.com/bid/3844

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2002-0097

nessus1