ID CVE-2002-1028 Type cve Reporter NVD Modified 2008-09-05T16:29:35
Description
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1028", "history": [], "references": ["http://www.iss.net/security_center/static/9585.php", "http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html", "http://www.securityfocus.com/bid/5248", "http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:"], "lastseen": "2016-09-03T03:31:23", "bulletinFamily": "NVD", "title": "CVE-2002-1028", "cpe": ["cpe:/a:oddsock:song_requester:2.1"], "viewCount": 0, "id": "CVE-2002-1028", "hash": "ff160344b0992359faf9f52ec0093d5abe56379995cc77855fe08b48e118737a", "description": "Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2002-1028"], "scanner": [], "modified": "2008-09-05T16:29:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2002-10-04T00:00:00", "enchantments": {"vulnersScore": 5.0}}
{"result": {"exploitdb": [{"id": "EDB-ID:21620", "type": "exploitdb", "title": "Oddsock Song Requester 2.1 - WinAmp Plugin Denial of Service Vulnerability", "description": "Oddsock Song Requester 2.1 WinAmp Plugin Denial Of Service Vulnerability. CVE-2002-1028. Dos exploit for cgi platform", "published": "2002-07-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/21620/", "cvelist": ["CVE-2002-1028"], "lastseen": "2016-02-02T16:54:09"}], "osvdb": [{"id": "OSVDB:6769", "type": "osvdb", "title": "Song Requester Winamp Plugin request.cgi Multiple Variable Overflow DoS", "description": "## Vulnerability Description\nA remote overflow exists in Oddspot Song Requester. The Song Requester fails to check the length of multiple variables in the request.cgi script resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.\n## Solution Description\nUpgrade to version 2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Oddspot Song Requester. The Song Requester fails to check the length of multiple variables in the request.cgi script resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.\n## Manual Testing Notes\nhttp://[victim]/request.cgi?listpos=9999999999999999999999999999(9x256)\n\nhttp://[victim]/request.cgi?psearch=999999999999999999999999999999(9x254)\n## References:\nVendor URL: http://www.oddsock.org/tools/gen_songrequester/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html\nISS X-Force ID: 9585\n[CVE-2002-1028](https://vulners.com/cve/CVE-2002-1028)\nBugtraq ID: 5248\n", "published": "2002-07-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6769", "cvelist": ["CVE-2002-1028"], "lastseen": "2017-04-28T13:20:01"}]}}
