Lucene search
HistoryMay 29, 2002 - 4:00 a.m.
CVE-2002-0236
authentication bypass
lucent vitalsuite
remote attack
http request
cve-2002-0236
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.035 Low
EPSS
Percentile
91.6%
Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
Affected configurations
Node
lucentvitalanalysisMatch8.0
ORlucentvitalanalysisMatch8.1
ORlucentvitalanalysisMatch8.2
ORlucentvitaleventMatch8.0
ORlucentvitaleventMatch8.1
ORlucentvitaleventMatch8.2
ORlucentvitalhelpMatch8.0
ORlucentvitalhelpMatch8.1
ORlucentvitalhelpMatch8.2
ORlucentvitalnetMatch8.0
ORlucentvitalnetMatch8.1
ORlucentvitalnetMatch8.2
ORlucentvitalsuiteMatch8.0
ORlucentvitalsuiteMatch8.1
ORlucentvitalsuiteMatch8.2
Related
nessus
nessus
Lucent VitalNet VsSetCookie.exe Unauthorized Access
2003-06-11 00:00:00
nvd
nvd
CVE-2002-0236
2002-05-29 04:00:00
cvelist
cvelist
CVE-2002-0236
2002-05-03 04:00:00
openvas
openvas
VsSetCookie.exe vulnerability
2005-11-03 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.035 Low
EPSS
Percentile
91.6%
Related for CVE-2002-0236