Lucene search
HistoryOct 04, 2002 - 4:00 a.m.
CVE-2002-1064
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.005
Percentile
75.8%
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
Affected configurations
Node
t._hauckjana_web_serverMatch1.0
ORt._hauckjana_web_serverMatch1.45
ORt._hauckjana_web_serverMatch1.46
ORt._hauckjana_web_serverMatch2.0
ORt._hauckjana_web_serverMatch2.0_beta1
ORt._hauckjana_web_serverMatch2.0_beta2
ORt._hauckjana_web_serverMatch2.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| t._hauck | jana_web_server | 1.0 | cpe:2.3:a:t._hauck:jana_web_server:1.0:*:*:*:*:*:*:* |
| t._hauck | jana_web_server | 1.45 | cpe:2.3:a:t._hauck:jana_web_server:1.45:*:*:*:*:*:*:* |
| t._hauck | jana_web_server | 1.46 | cpe:2.3:a:t._hauck:jana_web_server:1.46:*:*:*:*:*:*:* |
| t._hauck | jana_web_server | 2.0 | cpe:2.3:a:t._hauck:jana_web_server:2.0:*:*:*:*:*:*:* |
| t._hauck | jana_web_server | 2.0_beta1 | cpe:2.3:a:t._hauck:jana_web_server:2.0_beta1:*:*:*:*:*:*:* |
| t._hauck | jana_web_server | 2.0_beta2 | cpe:2.3:a:t._hauck:jana_web_server:2.0_beta2:*:*:*:*:*:*:* |
| t._hauck | jana_web_server | 2.2.1 | cpe:2.3:a:t._hauck:jana_web_server:2.2.1:*:*:*:*:*:*:* |
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.005
Percentile
75.8%
Related for NVD:CVE-2002-1064