Lucene search

[email protected]CVE-2002-0354

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0354

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

netscape 6.1

mozilla 0.9.7

cve-2002-0354

xmlhttprequest

xmlhttp

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Affected configurations

NVD

Node

mozillamozillaMatch0.9.7

mozillamozillaMatch0.9.9

mozillamozillaMatch1.0rc1

mozillamozillaMatch1.0rc2

mozillamozillaMatch1.0rc3

netscapenavigatorMatch6.1

netscapenavigatorMatch6.2

CPENameOperatorVersion
mozilla:mozillamozillaeq0.9.7
mozilla:mozillamozillaeq0.9.9
mozilla:mozillamozillaeq1.0
netscape:navigatornetscape navigatoreq6.1
netscape:navigatornetscape navigatoreq6.2

CPE	Name	Operator	Version
mozilla:mozilla	mozilla	eq	0.9.7
mozilla:mozilla	mozilla	eq	0.9.9
mozilla:mozilla	mozilla	eq	1.0
netscape:navigator	netscape navigator	eq	6.1
netscape:navigator	netscape navigator	eq	6.2

References

marc.info/?l=bugtraq&m=102017952204097&w=2

marc.info/?l=ntbugtraq&m=102020343728766&w=2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for CVE-2002-0354

nvd1 cvelist1