[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-96 - 32 candidates



I am proposing cluster RECENT-96 for review and voting by the
Editorial Board.

Name: RECENT-96
Description: CANs announced between 2002/06/02 and 2002/06/28
Size: 32

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server
2000 allows remote attackers to execute arbitrary code via data
queries with a long content-type parameter, aka "Unchecked Buffer in
SQLXML ISAPI Extension."

Analysis
----------------
ED_PRI CAN-2002-0186 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

Cross-site scripting vulnerability in the SQLXML component of
Microsoft SQL Server 2000 allows an attacker to execute arbitrary
script via the root parameter as part of an XML SQL query, aka "Script
Injection via XML Tag."

Analysis
----------------
ED_PRI CAN-2002-0187 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020502
Category: SF
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I

xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which
allows remote attackers to call dangerous RPC functions, including
those that can mount or unmount xfs file systems, to gain root
privileges.

Analysis
----------------
ED_PRI CAN-2002-0359 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0364
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102392069305962&w=2
Reference: NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102392308608100&w=2
Reference: VULNWATCH:20020612 [VulnWatch] ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
Reference: MS:MS02-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-028.asp

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0
and 5.0 allows attackers to execute arbitrary code via the processing
of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding
Could Enable Web Server Compromise."

Analysis
----------------
ED_PRI CAN-2002-0364 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MISC:http://www.nextgenss.com/vna/ms-ras.txt
Reference: MS:MS02-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
Reference: BID:4852
Reference: URL:http://www.securityfocus.com/bid/4852

Buffer overflow in Remote Access Service (RAS) phonebook for Windows
NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows
local users to execute arbitrary code by modifying the rasphone.pbk
file to use a long dial-up entry.

Analysis
----------------
ED_PRI CAN-2002-0366 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020604 Buffer overflow in MSIE gopher code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102320516707940&w=2
Reference: MS:MS02-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-027.asp
Reference: BUGTRAQ:20020613 Microsoft releases critical fix that breaks their own software!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397955217618&w=2
Reference: BUGTRAQ:20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70
Reference: URL:http://online.securityfocus.com/archive/1/276848
Reference: CERT-VN:VU#440275
Reference: URL:http://www.kb.cert.org/vuls/id/440275
Reference: MISC:http://www.pivx.com/workaround_fail.html
Reference: XF:ie-gopher-bo(9247)
Reference: URL:http://www.iss.net/security_center/static/9247.php
Reference: BID:4930
Reference: URL:http://www.securityfocus.com/bid/4930

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1
through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote
attackers to execute arbitrary code via a gopher:// URL that redirects
the user to a real or simulated gopher server that sends a long
response.

Analysis
----------------
ED_PRI CAN-2002-0371 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player
for Windows XP allow remote attackers to bypass Internet Explorer's
(IE) security mechanisms and run code via an executable .wma media
file with a license installation requirement stored in the IE cache,
aka the "Cache Path Disclosure via Windows Media Player".

Analysis
----------------
ED_PRI CAN-2002-0372 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp

The Windows Media Device Manager (WMDM) Service in Microsoft Windows
Media Player 7.1 on Windows 2000 systems allows local users to obtain
LocalSystem rights via a program that calls the WMDM service to
connect to an invalid local storage device, aka "Privilege Elevation
through Windows Media Device Manager Service".

Analysis
----------------
ED_PRI CAN-2002-0373 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020530
Category: SF
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt
Reference: VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding
Reference: ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020618 Fixed version of Apache 1.3 available
Reference: BUGTRAQ:20020619 Implications of Apache vuln for Oracle
Reference: BUGTRAQ:20020619 Remote Apache 1.3.x Exploit
Reference: BUGTRAQ:20020620 Apache Exploit
Reference: BUGTRAQ:20020620 TSLSA-2002-0056 - apache
Reference: BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Reference: BUGTRAQ:20020622 Ending a few arguments with one simple attachment.
Reference: BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive
Reference: CERT:CA-2002-17
Reference: URL:http://www.cert.org/advisories/CA-2002-17.html
Reference: SGI:20020605-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Reference: REDHAT:RHSA-2002:103
Reference: MANDRAKE:MDKSA-2002:039

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a chunk-encoded HTTP request that causes Apache to use an
incorrect size.

Analysis
----------------
ED_PRI CAN-2002-0392 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0615
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: BID:4821
Reference: URL:http://online.securityfocus.com/bid/4821

The Windows Media Active Playlist in Microsoft Windows Media Player
7.1 stores information in a well known location on the local file
system, allowing attackers to execute HTML scripts in the Local
Computer zone, aka "Media Playback Script Invocation".

Analysis
----------------
ED_PRI CAN-2002-0615 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0616
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows
allows remote attackers to execute code by attaching an inline macro
to an object within an Excel workbook, aka the "Excel Inline Macros
Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-0616 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0617
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows
allows remote attackers to execute code by creating a hyperlink on a
drawing shape in a source workbook that points to a destination
workbook containing an autoexecute macro, aka "Hyperlinked Excel
Workbook Macro Bypass."

Analysis
----------------
ED_PRI CAN-2002-0617 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0618
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0618
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256054320377&w=2
Reference: MISC:http://www.guninski.com/ex$el2.html
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BID:4821
Reference: URL:http://online.securityfocus.com/bid/4821

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows
allows remote attackers to execute code in the Local Computer zone by
embedding HTML scripts within an Excel workbook that contains an XSL
stylesheet, aka "Excel XSL Stylesheet Script Execution".

Analysis
----------------
ED_PRI CAN-2002-0618 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0619
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102139136019862&w=2

The Mail Merge Tool in Microsoft Word 2002 for Windows, Microsoft
Access is present on a system, allows remote attackers to execute
Visual Basic (VBA) scripts within a mail merge document saved in HTML
format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability"
(CVE-2000-0788).

Analysis
----------------
ED_PRI CAN-2002-0619 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0621
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp

Buffer overflow in the Office Web Components (OWC) package installer
used by Microsoft Commerce Server 2000 allows remote attackers to
cause the process to fail or run arbitray code in the LocalSystem
security context by via input to the OWC package installer.

Analysis
----------------
ED_PRI CAN-2002-0621 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0622
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp

The Office Web Components (OWC) package installer for Microsoft
Commerce Server 2000 allows remote attackers to execute commands by
passing the commands as input to the OWC package installer, aka "OWC
Package Command Execution".

Analysis
----------------
ED_PRI CAN-2002-0622 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0623
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0623
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce
Server 2000 and 2002 allows remote attackers to execute arbitrary code
via long authentication data, aka "New Variant of the ISAPI Filter
Buffer Overrun".

Analysis
----------------
ED_PRI CAN-2002-0623 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0631
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020621
Category: SF
Reference: SGI:20020607-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I

Vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through
6.5.16 allows local users to write arbitrary files and gain root root
privileges.

Analysis
----------------
ED_PRI CAN-2002-0631 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0639
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: ISS:20020626 OpenSSH Remote Challenge Vulnerability
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: NETBSD:2002-005
Reference: CERT-VN:VU#369347
Reference: CERT:CA-2002-18
Reference: HP:HPSBUX0206-195
Reference: BID:5093

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote
attackers to execute arbitrary code during challenge response
authentication (ChallengeResponseAuthentication) when OpenSSH is using
SKEY or BSD_AUTH authentication.

Analysis
----------------
ED_PRI CAN-2002-0639 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0640
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102521542826833&w=2
Reference: BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102532054613894&w=2
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: HP:HPSBUX0206-195
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote
attackers to execute arbitrary code via a large number of responses
during challenge response authentication when OpenBSD is using PAM
modules with interactive keyboard authentication
(PAMAuthenticationViaKbdInt).

Analysis
----------------
ED_PRI CAN-2002-0640 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2
Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
Reference: CERT:CA-2002-19
Reference: URL:http://www.cert.org/advisories/CA-2002-19.html
Reference: CERT:VU#803539
Reference: URL:http://www.kb.cert.org/vuls/id/803539
Reference: FREEBSD:FreeBSD-SA-02:28.resolv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2
Reference: NETBSD:NetBSD-SA2002-006
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
Reference: MANDRAKE:MDKSA-2002:043
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php

Buffer overflow in the DNS resolver code used in libc, glibc, and
libbind, as derived from ISC BIND, allows remote malicious DNS servers
to cause a denial of service and possibly execute arbitrary code via
the stub resolvers.

Analysis
----------------
ED_PRI CAN-2002-0651 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0652
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020630
Category: SF
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I

xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute
arbitrary code via shell metacharacters that are not properly filtered
from several calls to the popen() function, such as export_fs().

Analysis
----------------
ED_PRI CAN-2002-0652 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513970919836&w=2
Reference: REDHAT:RHSA-2002:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-134.html
Reference: CALDERA:CSSA-2002-031.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt

Off-by-one buffer overflow in mod_ssl Apache module versions 2.8.9 and
earlier allows local users execute arbitrary code as the Apache server
user.

Analysis
----------------
ED_PRI CAN-2002-0653 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0665
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020704
Category: SF
Reference: BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102529402127195&w=2
Reference: VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164

Macromedia JRun Administration Server allows remote attackers to
bypass authentication on the login form via an extra slash (/) in the
URL.

Analysis
----------------
ED_PRI CAN-2002-0665 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0688
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0688
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1
allows anonymous users and untrusted code to bypass access
restrictions and call arbitrary methods of catalog indexes.

Analysis
----------------
ED_PRI CAN-2002-0688 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0701
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650797504351&w=2
Reference: OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
Reference: URL:http://www.openbsd.org/errata.html#ktrace

ktrace in BSD-based operating systems allows the owner of a process
with special privileges to trace the process after its privileges have
been lowered, which may allow the owner to obtain sensitive
information that the process obtained while it was running with the
extra privileges.

Analysis
----------------
ED_PRI CAN-2002-0701 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0716
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102323070305101&w=2
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323386107641&w=2
Reference: CALDERA:CSSA-2002-SCO.35

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and
5.0.6 allows local users to gain privileges via format string
specifiers in the file name argument.

Analysis
----------------
ED_PRI CAN-2002-0716 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020516
Category: CF
Reference: REDHAT:RHSA-2002:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-089.html
Reference: MANDRAKE:MDKSA-2002:042
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-042.php

The default configuration of LPRng print spooler in Red Hat Linux 7.0
through 7.3 and Mandrake 8.1 and 8.2 accepts print jobs from arbitrary
remote hosts.

Analysis
----------------
ED_PRI CAN-2002-0378 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0620
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: BID:4853
Reference: URL:http://online.securityfocus.com/bid/4853

Buffer overflow in the Profile Service of Microsoft Commerce Server
2000 allows remote attackers to cause the server to fail or run
arbitrary code in the LocalSystem security context via an input field
using an affected API.

Analysis
----------------
ED_PRI CAN-2002-0620 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0796
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0796
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102321107714554&w=2
Reference: SUN:00219
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219
Reference: BID:4932
Reference: URL:http://www.securityfocus.com/bid/4932
Reference: XF:solaris-snmpdx-format-string(9241)
Reference: URL:http://www.iss.net/security_center/static/9241.php

Format string vulnerability in the logging component of snmpdx for
Solaris 5.6 through 8 allows remote attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0796 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0797
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102321107714554&w=2
Reference: SUN:00219
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219
Reference: XF:solaris-mibiisa-bo(9242)
Reference: URL:http://www.iss.net/security_center/static/9242.php
Reference: BID:4933
Reference: URL:http://www.securityfocus.com/bid/4933

Buffer overflow in the MIB parsing component of mibiisa for Solaris
5.6 through 8 allows remote attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0797 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0800
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020601 BadBlue Web Server v1.7.0 Directory Contents Disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html
Reference: XF:badblue-directory-contents-disclosure(9239)
Reference: URL:http://www.iss.net/security_center/static/9239.php
Reference: BID:4912
Reference: URL:http://www.securityfocus.com/bid/4912

BadBlue 1.7.0 allows remote attackers to list the contents of
directories via a URL with an encoded '%' character at the end.

Analysis
----------------
ED_PRI CAN-2002-0800 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007