Lucene search

MitreCVE-2002-1867

HistoryJun 28, 2005 - 4:00 a.m.

CVE-2002-1867

2005-06-2804:00:00

mitre

web.nvd.nist.gov

bizdesign imagefolio

imagefolio 2.23

imagefolio 2.26

access control

denial of service

cve-2002-1867

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).

Affected configurations

Nvd

Node

bizdesignimagefolioMatch2.23

bizdesignimagefolioMatch2.24

bizdesignimagefolioMatch2.26

VendorProductVersionCPE
bizdesignimagefolio2.23cpe:2.3:a:bizdesign:imagefolio:2.23:*:*:*:*:*:*:*
bizdesignimagefolio2.24cpe:2.3:a:bizdesign:imagefolio:2.24:*:*:*:*:*:*:*
bizdesignimagefolio2.26cpe:2.3:a:bizdesign:imagefolio:2.26:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bizdesign	imagefolio	2.23	cpe:2.3:a:bizdesign:imagefolio:2.23:::::::*
bizdesign	imagefolio	2.24	cpe:2.3:a:bizdesign:imagefolio:2.24:::::::*
bizdesign	imagefolio	2.26	cpe:2.3:a:bizdesign:imagefolio:2.26:::::::*

References

marc.info/?l=bugtraq&m=102373053829427&w=2

www.iss.net/security_center/static/9308.php

www.securityfocus.com/bid/4975

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Related for CVE-2002-1867