Lucene search

[email protected]CVE-2002-0121

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0121

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0121

php 4.0

php 4.1.1

session ids

web connections hijack

nvd.

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

JSON

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

Affected configurations

NVD

Node

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.1.0

phpphpMatch4.1.2

CPENameOperatorVersion
php:phpphpeq4.0.4
php:phpphpeq4.0.5
php:phpphpeq4.0.6
php:phpphpeq4.1.0
php:phpphpeq4.1.2

CPE	Name	Operator	Version
php:php	php	eq	4.0.4
php:php	php	eq	4.0.5
php:php	php	eq	4.0.6
php:php	php	eq	4.1.0
php:php	php	eq	4.1.2

References

online.securityfocus.com/archive/1/250196

www.iss.net/security_center/static/7908.php

www.securityfocus.com/bid/3873

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for CVE-2002-0121

cvelist1 nvd1