Lucene search

[email protected]CVE-2002-1084

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-1084

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

information security

ezcontents

verifylogin

remote attackers

http post requests

7.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.1%

JSON

The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.

CPENameOperatorVersion
visualshapers:ezcontentsvisualshapers ezcontentsle1.41

CPE	Name	Operator	Version
visualshapers:ezcontents	visualshapers ezcontents	le	1.41

References

archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html

online.securityfocus.com/archive/1/284229

www.iss.net/security_center/static/9711.php

7.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.1%

JSON