Lucene search

[email protected]CVE-2002-0920

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-0920

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cgiscript.net

cspassword.cgi

vulnerability

unauthorized access

local users

remote attackers

unencrypted passwords

gain privileges

data modification

nvd

cve-2002-0920

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.1%

JSON

CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.

CPENameOperatorVersion
cgiscript.net:cspasswordcgiscript.net cspasswordeq1.0

CPE	Name	Operator	Version
cgiscript.net:cspassword	cgiscript.net cspassword	eq	1.0

References

online.securityfocus.com/archive/1/274727

www.iss.net/security_center/static/9223.php

www.securityfocus.com/bid/4889

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.1%

JSON