Lucene search

[email protected]CVE-2002-0462

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0462

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0462

big sam

dos

server path disclosure

safe_mode

php

remote attack

nvd

7.7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON

bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.

CPENameOperatorVersion
big_sam:big_sambig sameq1.1.08

CPE	Name	Operator	Version
big_sam:big_sam	big sam	eq	1.1.08

References

www.gezzed.net/bigsam/bigsam.1_1_12.php.txt

www.iss.net/security_center/static/8478.php

www.iss.net/security_center/static/8479.php

www.osvdb.org/5287

www.osvdb.org/5288

www.securityfocus.com/archive/1/262735

www.securityfocus.com/bid/4312

7.7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON