Lucene search

[email protected]CVE-2002-0495

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0495

2003-04-0205:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2002-0495

cssearch 2.3

remote attack

perl code

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.5%

JSON

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Affected configurations

NVD

Node

cgiscriptcssearch_professionalRange≤2.3

CPENameOperatorVersion
cgiscript:cssearch_professionalcgiscript cssearch professionalle2.3

CPE	Name	Operator	Version
cgiscript:cssearch_professional	cgiscript cssearch professional	le	2.3

References

www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7

www.iss.net/security_center/static/8636.php

www.securityfocus.com/archive/1/264169

www.securityfocus.com/bid/4368

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2002-0495

cvelist1 nvd1 nessus1 checkpoint_advisories1