Lucene search

[email protected]CVE-2004-0425

HistoryAug 18, 2004 - 4:00 a.m.

CVE-2004-0425

2004-08-1804:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0425

siteminder

affiliate agent

buffer overflow

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.

Affected configurations

NVD

Node

netegritysideminder_affiliate_agentMatch4.0

CPENameOperatorVersion
netegrity:sideminder_affiliate_agentnetegrity sideminder affiliate agenteq4.0

CPE	Name	Operator	Version
netegrity:sideminder_affiliate_agent	netegrity sideminder affiliate agent	eq	4.0

References

www.atstake.com/research/advisories/2004/a042204-1.txt

www.securityfocus.com/bid/10198

exchange.xforce.ibmcloud.com/vulnerabilities/15950

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2004-0425

cvelist1 nvd1 securityvulns1