[PROPOSAL] Cluster MISC-2002b - 63 candidates



I am proposing cluster MISC-2002b for review and voting by the
Editorial Board.

Name: MISC-2002b
Description: Misc CANs from Sep 2002 to Dec 2002
Size: 63

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020918
Category: SF
Reference: VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
Reference: XF:osf1-uucp-source-bo(10146)
Reference: URL:http://www.iss.net/security_center/static/10146.php

Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to
execute arbitrary code via a long source (-s) command line parameter.

Analysis
----------------
ED_PRI CAN-2002-1127 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020918
Category: SF
Reference: VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
Reference: XF:osf1-inc-mh-bo(10147)
Reference: URL:http://www.iss.net/security_center/static/10147.php

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows
local users to execute arbitrary code via a long MH environment
variable.

Analysis
----------------
ED_PRI CAN-2002-1128 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020918
Category: SF
Reference: VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
Reference: BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103248659816294&w=2
Reference: XF:osf1-dxterm-xrm-bo(10148)
Reference: URL:http://www.iss.net/security_center/static/10148.php

Buffer overflow in dxterm allows local users to execute arbitrary code
via a long -xrm argument.

Analysis
----------------
ED_PRI CAN-2002-1129 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-CODEBASE

ABSTRACTION: there may be a codebase relationship between this problem
and other "-xrm" overflows, as reported in other terminal programs
such as CVE-2002-0517 and CVE-1999-0040.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020923 iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103281444824285&w=2
Reference: VULNWATCH:20020923 iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0127.html
Reference: XF:dinos-dotdot-directory-traversal(10168)
Reference: URL:http://www.iss.net/security_center/static/10168.php
Reference: BID:5782
Reference: URL:http://www.securityfocus.com/bid/5782

Encoded directory traversal vulnerability in Dino's web server 2.1
allows remote attackers to read arbitrary files via ".." (dot dot)
sequences with URL-encoded (1) "/" (%2f) or (2) "\" (%5c) characters.

Analysis
----------------
ED_PRI CAN-2002-1133 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025874209567&w=2

Buffer overflow in Winamp 2.81 allows remote attackers to execute
arbitrary code via a long Artist ID3v2 tag in an MP3 file.

Analysis
----------------
ED_PRI CAN-2002-1176 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: The Artist tag overflow in the 2.81 version applies
always, while it only applies in the Media Display window in 3.0, so
they are "different" enough overflows appearing in different versions;
thus separate candidates are assigned.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025874209567&w=2

Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the
Media Library window, allow remote attackers to execute arbitrary
code via an MP3 file containing a long (1) Artist or (2) Album ID3v2
tag.

Analysis
----------------
ED_PRI CAN-2002-1177 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: The Artist tag overflow in the 2.81 version applies
always, while it only applies in the Media Display window in 3.0, so
they are "different" enough overflows appearing in different versions;
thus separate candidates are assigned.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021009 Flood ACK packets cause AIX DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103418410408599&w=2
Reference: XF:aix-tcp-flood-dos(10326)
Reference: URL:http://www.iss.net/security_center/static/10326.php

IBM AIX 4.3.3 and AIX 5 allow remote attackers to cause a denial of
service (CPU consumption or crash) via a flood of malformed TCP
packets without any flags set, which prevents AIX from releasing the
associated memory buffers.

Analysis
----------------
ED_PRI CAN-2002-1201 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while the attacks for AIX and SecureWay Firewall are the
same, there is sufficient indication that the underlying cause of the
issue is different.  Therefore these items are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021009 Flood ACK packets cause an IBM SecureWay FireWall DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417988503398&w=2
Reference: XF:secureway-tcp-flood-dos(10249)
Reference: URL:http://www.iss.net/security_center/static/10249.php

IBM SecureWay Firewall before 4.2.2 performs extra processing before
determining that a packet is invalid and dropping it, which allows
remote attackers to cause a denial of service (resource exhaustion)
via a flood of malformed TCP packets without any flags set.

Analysis
----------------
ED_PRI CAN-2002-1203 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while the attacks for AIX and SecureWay Firewall are the
same, there is sufficient indication that the underlying cause of the
issue is different.  Therefore these items are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: VULNWATCH:20021119 iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
Reference: MISC:http://www.idefense.com/advisory/11.19.02c.txt

Netscape Communicator 4.x allows attackers to use a link to steal a
user's preferences, including potentially sensitive information such
as URL history, e-mail address, and possibly the e-mail password, by
redefining the user_pref() function and accessing the prefs.js file,
which is stored in a directory with a predictable name.

Analysis
----------------
ED_PRI CAN-2002-1204 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.15.02.txt
Reference: BUGTRAQ:20021014 iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103471544806141&w=2
Reference: XF:webserver-4everyone-filename-bo(10372)
Reference: URL:http://www.iss.net/security_center/static/10372.php

Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and
1.27, and other versions before 1.30, allows remote attackers to cause
a denial of service (crash) via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1212 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.15.02.txt
Reference: BUGTRAQ:20021014 iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103471544806141&w=2
Reference: XF:webserver-4everyone-encoded-traversal(10373)
Reference: URL:http://www.iss.net/security_center/static/10373.php

Directory traversal vulnerability in RadioBird Software WebServer 4
Everyone 1.23 and 1.27, and other versions before 1.30, allows remote
attackers to read arbitrary files via an HTTP request with ".."
(dot-dot) sequences containing URL-encoded forward slash ("%2F")
characters.

Analysis
----------------
ED_PRI CAN-2002-1213 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679016031857&w=2
Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html
Reference: MISC:http://www.idefense.com/advisory/11.08.02a.txt
Reference: BID:6145
Reference: URL:http://www.securityfocus.com/bid/6145

Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote
attackers to bypass access restrictions for files via an HTTP request
with a sequence of multiple / (slash) characters such as
http://www.example.com///file/.

Analysis
----------------
ED_PRI CAN-2002-1238 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
Reference: XF:phpnuke-accountmanager-sql-injection(10516)
Reference: URL:http://www.iss.net/security_center/static/10516.php
Reference: BID:6088
Reference: URL:http://www.securityfocus.com/bid/6088

SQL injection vulnerability in PHP-Nuke before 6.0 allows remote
authenticated users to modify the database and gain privileges via the
"bio" argument to modules.php.

Analysis
----------------
ED_PRI CAN-2002-1242 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-net-command-bo(10519)
Reference: URL:http://www.iss.net/security_center/static/10519.php
Reference: BID:6094
Reference: URL:http://www.securityfocus.com/bid/6094

Buffer overflow in Abuse 2.00 and earlier allows local users to gain
root privileges via a long -net command line argument.

Analysis
----------------
ED_PRI CAN-2002-1250 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-lisp-gain-privileges(11300)
Reference: URL:http://www.iss.net/security_center/static/11300.php

Abuse 2.00 and earlier allows local users to gain privileges via
command line arguments that specify alternate Lisp scripts that run at
escalated privileges, which can contain functions that execute
commands or modify files.

Analysis
----------------
ED_PRI CAN-2002-1253 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html
Reference: VULNWATCH:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html
Reference: BUGTRAQ:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&r=1&b=200211&w=2
Reference: EEYE:AD20021112
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20021112.html

Heap-based buffer overflow in the error-handling mechanism for the IIS
ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to
execute arbitrary code via an HTTP GET request with a long .cfm file name.

Analysis
----------------
ED_PRI CAN-2002-1309 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-CODEBASE, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html
Reference: VULNWATCH:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html
Reference: BUGTRAQ:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&r=1&b=200211&w=2
Reference: EEYE:AD20021112
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20021112.html

Heap-based buffer overflow in the error-handling mechanism for the IIS
ISAPI handler in Macromedia JRun 4.0 and earlier allows remote
attackers to execute arbitrary code via an HTTP GET request with a long
.jsp file name.

Analysis
----------------
ED_PRI CAN-2002-1310 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-CODEBASE, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1471
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20021003 SSL certificate validation problems in Ximian Evolution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html
Reference: XF:evolution-camel-certificate-mitm(10292)
Reference: URL:http://www.iss.net/security_center/static/10292.php
Reference: BID:5875
Reference: URL:http://www.securityfocus.com/bid/5875

The camel component for Ximian Evolution 1.0.x and earlier does not
verify certificates when it establishes a new SSL connection after
previously verifying a certificate, which could allow remote attackers
to monitor or modify sessions via a man-in-the-middle attack.

Analysis
----------------
ED_PRI CAN-2002-1471 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1478
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-console-mode-commands(10050)
Reference: URL:http://www.iss.net/security_center/static/10050.php
Reference: BID:5630
Reference: URL:http://www.securityfocus.com/bid/5630

Cacti before 0.6.8 allows attackers to execute arbitrary commands via
the "Data Input" option in console mode.

Analysis
----------------
ED_PRI CAN-2002-1478 3
Vendor Acknowledgement:

ACCURACY: it is not clear from the report whether the "console mode"
is remote or not; if only accessible on the command line, this may not
be a vulnerability unless Cacti is setuid.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1479
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1479
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-config-world-readable(10049)
Reference: URL:http://www.iss.net/security_center/static/10049.php
Reference: BID:5628
Reference: URL:http://www.securityfocus.com/bid/5628

Cacti before 0.6.8 stores a MySQL username and password in plaintext
in config.php, which has world-readable permissions, which allows
local users to modify databases as the Cacti user and possibly gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-1479 3
Vendor Acknowledgement:

ACCURACY: it is not clear from the report whether the "console mode"
is remote or not; if only accessible on the command line, this may not
be a vulnerability unless Cacti is setuid.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1480
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020909 phpGB: cross site scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
Reference: BID:5676
Reference: URL:http://www.securityfocus.com/bid/5676
Reference: XF:phpgb-entry-deletion-xss(10060)
Reference: URL:http://www.iss.net/security_center/static/10060.php

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows
remote attackers to inject arbitrary HTML or script into guestbook
pages, which is executed when the administrator deletes the entry.

Analysis
----------------
ED_PRI CAN-2002-1480 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1481
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020909 phpGB: DoS and executing_arbitrary_commands
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
Reference: BID:5679
Reference: URL:http://www.securityfocus.com/bid/5679
Reference: XF:phpgb-savesettings-unauth-access(10065)
Reference: URL:http://www.iss.net/security_center/static/10065.php

savesettings.php in phpGB 1.20 and earlier does not require
authentication, which allows remote attackers to cause a denial of
service or execute arbitrary PHP code by using savesettings.php to
modify config.php.

Analysis
----------------
ED_PRI CAN-2002-1481 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020909 phpGB: DoS and executing_arbitrary_commands
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
Reference: BID:5673
Reference: URL:http://www.securityfocus.com/bid/5673
Reference: XF:phpgb-login-sql-injection(10068)
Reference: URL:http://www.iss.net/security_center/static/10068.php

SQL injection vulnerability in login.php for phpGB 1.20 and earlier,
when magic_quotes_gpc is not enabled, allows remote attackers to gain
administrative privileges via SQL code in the password entry.

Analysis
----------------
ED_PRI CAN-2002-1482 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1484
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1484
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020917 Advisory: TCP-Connection risk in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html
Reference: VULNWATCH:20020919 Advisory: TCP-Connection risk in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html
Reference: XF:db4web-tcp-portscan(10136)
Reference: URL:http://www.iss.net/security_center/static/10136.php
Reference: BID:5725
Reference: URL:http://www.securityfocus.com/bid/5725

DB4Web server, when configured to use verbose debug messages, allows
remote attackers to use DB4Web as a proxy and attempt TCP connections
to other systems (port scan) via a request for a URL that specifies
the target IP address and port, which produces a connection status in
the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1484 3
Vendor Acknowledgement: no disputed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020923 Trillian Remote DoS Attack - AIM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html

The AIM component of Trillian 0.73 and 0.74 allows remote attackers to
cause a denial of service (crash) via certain strings such as "P > O <
C".

Analysis
----------------
ED_PRI CAN-2002-1485 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1486
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020920 Yet Another. Trillian 'JOIN' Overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html
Reference: BUGTRAQ:20020921 And Again. Trillian 'raw 221' Overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html
Reference: BUGTRAQ:20020922 *sigh* Trillian multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
Reference: NTBUGTRAQ:20020914 Trillian .74 and below, ident flaw.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html
Reference: NTBUGTRAQ:20020919 Trillian .73 & .74 "PRIVMSG" Overflow.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html
Reference: BID:5769
Reference: URL:http://www.securityfocus.com/bid/5769
Reference: BID:5777
Reference: URL:http://www.securityfocus.com/bid/5777
Reference: XF:trillian-raw221-bo(10151)
Reference: URL:http://www.iss.net/security_center/static/10151.php
Reference: BID:5765
Reference: URL:http://www.securityfocus.com/bid/5765
Reference: XF:trillian-irc-server-bo(10163)
Reference: URL:http://www.iss.net/security_center/static/10163.php
Reference: XF:trillian-irc-join-bo(10150)
Reference: URL:http://www.iss.net/security_center/static/10150.php

Multiple buffer overflows in the IRC component of Trillian 0.73 and
0.74 allow remote malicious IRC servers to cause a denial of service
and possibly execute arbitrary code via (1) a large response from the
server, (2) a JOIN with a long channel name, (3) a long "raw 221"
message, (4) a PRIVMSG with a long nickname, or (5) a long response
from an IDENT server.

Analysis
----------------
ED_PRI CAN-2002-1486 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1487
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020922 *sigh* Trillian multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
Reference: BID:5775
Reference: URL:http://www.securityfocus.com/bid/5775
Reference: XF:trillian-irc-raw-dos(10161)
Reference: URL:http://www.iss.net/security_center/static/10161.php

The IRC component of Trillian 0.73 and 0.74 allows remote malicious
IRC servers to cause a denial of service (crash) by sending the raw
messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7)
218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14)
352, and (15) 367.

Analysis
----------------
ED_PRI CAN-2002-1487 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1488
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020922 *sigh* Trillian multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
Reference: BID:5776
Reference: URL:http://www.securityfocus.com/bid/5776
Reference: XF:trillian-part-message-dos(10162)
Reference: URL:http://www.iss.net/security_center/static/10162.php

The IRC component of Trillian 0.73 and 0.74 allows remote malicious
IRC servers to cause a denial of service (crash) via a PART message
with (1) a missing channel or (2) a channel that the Trillian user is
not in.

Analysis
----------------
ED_PRI CAN-2002-1488 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1489
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20021017 New buffer overflow in plaetDNS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0236.html
Reference: BUGTRAQ:20020914 Planet Web Software Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0166.html
Reference: XF:planetweb-long-url-bo(10391)
Reference: URL:http://www.iss.net/security_center/static/10391.php
Reference: BID:5710
Reference: URL:http://www.securityfocus.com/bid/5710
Reference: XF:planetweb-long-url-bo(10124)
Reference: URL:http://www.iss.net/security_center/static/10124.php

Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote
attackers to execute arbitrary code via (1) an HTTP GET request with a
long URL or (2) a request with a long method name.

Analysis
----------------
ED_PRI CAN-2002-1489 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: both overflows affect version 1.14 and therefore should
be merged according to CD:SF-LOC. In addition, both attacks send a
long string, so they may be different attack vectors that trigger the
same vulnerable code.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1494
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cross-Site Scripting in Aestiva
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html
Reference: BID:5618
Reference: URL:http://www.securityfocus.com/bid/5618
Reference: XF:aestiva-htmlos-cgi-xss(10029)
Reference: URL:http://www.iss.net/security_center/static/10029.php

Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow
remote attackers to insert arbitrary HTML or script by inserting the
script after a trailing / character, which inserts the script into the
resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1494 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1495
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020922 JAWmail XSS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html
Reference: XF:jawmail-mail-message-xss(10152)
Reference: URL:http://www.iss.net/security_center/static/10152.php
Reference: BID:5771
Reference: URL:http://www.securityfocus.com/bid/5771

Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows
remote attackers to insert arbitrary script or HTML via (1) attached
file names in the Read Mail feature, (2) text/html mails that are
displayed in a pop-up window, and (3) certain malicious attributes
within otherwise safe tags, such as onMouseOver.

Analysis
----------------
ED_PRI CAN-2002-1495 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1501
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020913 Scan against Enterasys SSR8000 crash the system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html
Reference: MISC:http://www.enterasys.com/support/techtips/tk0659-9.html
Reference: BID:5703
Reference: URL:http://www.securityfocus.com/bid/5703
Reference: XF:smartswitch-portscan-dos(10096)
Reference: URL:http://www.iss.net/security_center/static/10096.php

The MPS functionality in Enterasys SSR8000 (Smart Switch Router)
before firmware 8.3.0.10 allows remote attackers to cause a denial of
service (crash) via multiple port scans to ports 15077 and 15078.

Analysis
----------------
ED_PRI CAN-2002-1501 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1504
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020905 advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0045.html
Reference: XF:webserver-4everyone-directory-traversal(10051)
Reference: URL:http://www.iss.net/security_center/static/10051.php

Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows
remote attackers to read arbitrary files via "..\" (dot-dot backslash)
sequences in a URL.

Analysis
----------------
ED_PRI CAN-2002-1504 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1505
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020908 sql injection vulnerability in WBB 2.0 RC1 and below
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0083.html
Reference: BID:5675
Reference: URL:http://www.securityfocus.com/bid/5675
Reference: XF:wbb-board-sql-injection(10069)
Reference: URL:http://www.iss.net/security_center/static/10069.php

SQL injection vulnerability in board.php for WoltLab Burning Board
(wBB) 2.0 RC 1 and earlier allows remote attackers to modify the
database and possibly gain privileges via the boardid parameter.

Analysis
----------------
ED_PRI CAN-2002-1505 3
Vendor Acknowledgement: unknown discloser-claimed fixed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1507
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020917 Fw: [ut2003bugs] remote denial of service in ut2003 demo
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0116.html
Reference: XF:ut-console-dos(10128)
Reference: URL:http://www.iss.net/security_center/static/10128.php

Unreal Tournament 2003 (ut2003) clients and servers allow remote
attackers to cause a denial of service via malformed messages
containing a small number of characters to UDP ports 7778 or 10777.

Analysis
----------------
ED_PRI CAN-2002-1507 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1512
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020912 Race condition in BRU Workstation 17.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0154.html
Reference: BID:5708
Reference: URL:http://www.securityfocus.com/bid/5708
Reference: XF:bru-xbru-race-condition(10101)
Reference: URL:http://www.iss.net/security_center/static/10101.php

xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary
files and gain root privileges via a symlink attack on the
xbru_dscheck.dd temporary file.

Analysis
----------------
ED_PRI CAN-2002-1512 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: this issue affects the same BRU version as CAN-2002-0210,
but there is a period of several months between reports, so it is
reasonable to have separate identifiers. ABSTRACTION/ACCURACY: the
initial report is not clear, but it may be that the symlink issue
enables the exploit of a shell metacharacter problem as well, as
demonstrated in an exploit that creates an unusual filename in the
logfiles/xferlog directory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020925 Borland Interbase local root exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html
Reference: BID:5805
Reference: URL:http://www.securityfocus.com/bid/5805
Reference: XF:interbase-gdslockmgr-bo(10196)
Reference: URL:http://www.iss.net/security_center/static/10196.php

gds_lock_mgr in Borland InterBase allows local users to overwrite
files and gain privileges via a symlink attack on an "isc_init1.X"
temporary file, as demonstrated by modifying the xinetdbd file.

Analysis
----------------
ED_PRI CAN-2002-1514 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1521
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: VULNWATCH:20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html
Reference: XF:webserver-4d-plaintext-passwords(10198)
Reference: URL:http://www.iss.net/security_center/static/10198.php
Reference: BID:5803
Reference: URL:http://www.securityfocus.com/bid/5803

Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD
file, which allows attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-1521 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1522
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category:
Reference: BUGTRAQ:20021005 Vulnerabilitie in PowerFTP server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0075.html
Reference: BUGTRAQ:20021012 Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0194.html
Reference: BID:5899
Reference: URL:http://www.securityfocus.com/bid/5899
Reference: XF:powerftp-long-username-dos(10286)
Reference: URL:http://www.iss.net/security_center/static/10286.php

Buffer overflow in PowerFTP FTP server 2.24, and possibly other
versions, allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a long USER argument.

Analysis
----------------
ED_PRI CAN-2002-1522 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html
Reference: BID:5832
Reference: URL:http://www.securityfocus.com/bid/5832
Reference: XF:winamp-xml-parser-bo(10228)
Reference: URL:http://www.iss.net/security_center/static/10228.php

Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488)
allows remote attackers to execute arbitrary code via a skin file
(.wal) with a long include file tag.

Analysis
----------------
ED_PRI CAN-2002-1524 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1525
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020929 [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
Reference: URL:http://online.securityfocus.com/archive/1/293545
Reference: BID:5828
Reference: URL:http://www.securityfocus.com/bid/5828
Reference: XF:sunone-starterkit-search-traversal(10225)
Reference: URL:http://www.iss.net/security_center/static/10225.php

Directory traversal vulnerability in ASTAware SearchDisk engine for
Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary
files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3)
an absolute pathname to port 6017.

Analysis
----------------
ED_PRI CAN-2002-1525 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1526
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html
Reference: BID:5824
Reference: URL:http://www.securityfocus.com/bid/5824

Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU
Webmail 5.0 allows remote attackers to inject arbitrary HTML or script
via the email address field.

Analysis
----------------
ED_PRI CAN-2002-1526 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1527
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html
Reference: BID:5823
Reference: URL:http://www.securityfocus.com/bid/5823
Reference: XF:emu-webmail-path-disclosure(10204)
Reference: URL:http://www.iss.net/security_center/static/10204.php

emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine
the full pathname for emumail.cgi via a malformed string containing
script, which generates a regular expression matching error that
includes the pathname in the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1527 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1528
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021010 MondoSearch show the source of all files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html
Reference: XF:mondosearch-url-souce-disclosure(10350)
Reference: URL:http://www.iss.net/security_center/static/10350.php
Reference: BID:5941
Reference: URL:http://www.securityfocus.com/bid/5941

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the
source code of scripts via the mask parameter.

Analysis
----------------
ED_PRI CAN-2002-1528 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1529
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-error-xss(10319)
Reference: URL:http://www.iss.net/security_center/static/10319.php
Reference: BID:5928
Reference: URL:http://www.securityfocus.com/bid/5928

Cross-site scripting (XSS) vulnerability in msgError.asp for the
administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows remote attackers to insert arbitrary script or
HTML via the Reason parameter.

Analysis
----------------
ED_PRI CAN-2002-1529 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1530
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: BID:5929
Reference: URL:http://www.securityfocus.com/bid/5929
Reference: XF:superscout-emailfilter-plaintext-passwords(10320)
Reference: URL:http://www.iss.net/security_center/static/10320.php

The administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows users to obtain usernames and plaintext passwords
via a request to the userlist.asp program, which includes the
passwords in a user editing form.

Analysis
----------------
ED_PRI CAN-2002-1530 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1531
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-content-dos(10321)
Reference: URL:http://www.iss.net/security_center/static/10321.php
Reference: BID:5930
Reference: URL:http://www.securityfocus.com/bid/5930

The administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows remote attackers to cause a denial of service
(crash) via an HTTP request without a Content-Length parameter.

Analysis
----------------
ED_PRI CAN-2002-1531 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1532
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: BID:5931
Reference: URL:http://www.securityfocus.com/bid/5931
Reference: XF:superscout-emailfilter-get-dos(10322)
Reference: URL:http://www.iss.net/security_center/static/10322.php

The administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows remote attackers to cause a denial of service
(resource exhaustion) via a GET request without the terminating
\r\n\r\n (CRLF) sequence, which causes the interface to wait for the
sequence and blocks other users from accessing it.

Analysis
----------------
ED_PRI CAN-2002-1532 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1533
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020928 Jetty jsp/servlet engine xss / uname disclosure vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html
Reference: BID:5821
Reference: URL:http://www.securityfocus.com/bid/5821
Reference: XF:jetty-http-xss(10219)
Reference: URL:http://www.iss.net/security_center/static/10219.php

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine
allows remote attackers to insert arbitrary HTML or script via an HTTP
request to a .jsp file whose name contains the malicious script and
some encoded linefeed characters (%0a).

Analysis
----------------
ED_PRI CAN-2002-1533 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1534
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021006 Flash player can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html
Reference: XF:flash-xml-read-files(10297)
Reference: URL:http://www.iss.net/security_center/static/10297.php
Reference: BID:5904
Reference: URL:http://www.securityfocus.com/bid/5904

Macromedia Flash Player allows remote attackers to read arbitrary
files via XML script in a .swf file that is hosted on a remote SMB
share.

Analysis
----------------
ED_PRI CAN-2002-1534 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1535
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021014 Symantec Enterprise Firewall Secure Webserver info leak
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0190.html
Reference: BID:5959
Reference: URL:http://www.securityfocus.com/bid/5959

Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall
6.5.2 allows remote attackers to identify IP addresses of hosts on the
internal network via a CONNECT request, which generates different
error messages if the host is present.

Analysis
----------------
ED_PRI CAN-2002-1535 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021018 SCAN Associates Advisory: Molly 0.5 - Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0028.html
Reference: BUGTRAQ:20021018 SCAN Associates Advisory: Molly 0.5 - Remote Command Execution
Reference: URL:http://online.securityfocus.com/archive/1/296163
Reference: BID:6007
Reference: URL:http://www.securityfocus.com/bid/6007
Reference: XF:molly-host-execute-commands(10397)
Reference: URL:http://www.iss.net/security_center/static/10397.php

Molly IRC bot 0.5 allows remote attackers to execute arbitrary
commands via shell metacharacters in (1) the $host variable for
nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3)
the $words or $text variables in sms.pl, or (4) the $server or
$printer variables in hpled.pl.

Analysis
----------------
ED_PRI CAN-2002-1536 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021027 Privilege Escalation Vulnerability In phpBB 2.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html
Reference: XF:phpbb-adminugauth-admin-privileges(10489)
Reference: URL:http://www.iss.net/security_center/static/10489.php
Reference: BID:6056
Reference: URL:http://www.securityfocus.com/bid/6056

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain
administrator privileges by directly calling admin_ug_auth.php with
modified form fields such as "u".

Analysis
----------------
ED_PRI CAN-2002-1537 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html
Reference: XF:acusend-unauthorized-file-access(10473)
Reference: URL:http://www.iss.net/security_center/static/10473.php
Reference: BID:6048
Reference: URL:http://www.securityfocus.com/bid/6048

Acuma Acusend 4, and possibly earlier versions, allows remote
authenticated users to read the reports of other users by inferring
the full URL, whose name is easily predictable.

Analysis
----------------
ED_PRI CAN-2002-1538 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1539
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021027 MDaemon SMTP/POP/IMAP server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0382.html
Reference: XF:mdaemon-dele-uidl-dos(10488)
Reference: URL:http://www.iss.net/security_center/static/10488.php
Reference: BID:6053
Reference: URL:http://www.securityfocus.com/bid/6053

Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote
authenticated users to cause a denial of service via long (1) DELE or
(2) UIDL arguments.

Analysis
----------------
ED_PRI CAN-2002-1539 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1541
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html
Reference: BID:6044
Reference: URL:http://www.securityfocus.com/bid/6044
Reference: XF:badblue-protected-file-access(10466)
Reference: URL:http://www.iss.net/security_center/static/10466.php

BadBlue 1.7 allows remote attackers to bypass password protections for
directories and files via an HTTP request containing an extra /
(slash).

Analysis
----------------
ED_PRI CAN-2002-1541 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1542
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 TFTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0040.html

SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to
cause a denial of service (crash) via a large UDP datagram, possibly
triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1542 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021010 more silly bugs in cooolsoft 'personal ftp server'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html

Directory traversal vulnerability in CooolSoft Personal FTP Server
2.24 allows remote attackers to read or modify arbitrary files via ..
(dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put,
or (4) get.

Analysis
----------------
ED_PRI CAN-2002-1544 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: there may be some overlap between this bug and
CAN-2001-0931, which is for PowerFTP 2.03 instead of this package and
version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021010 more silly bugs in cooolsoft 'personal ftp server'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html

CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain
the absolute pathname of the FTP root via a PWD command, which
includes the full path in the response.

Analysis
----------------
ED_PRI CAN-2002-1545 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 [SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0043.html
Reference: MISC:http://www.securityoffice.net/articles/webweaver/
Reference: BID:6041
Reference: URL:http://www.securityfocus.com/bid/6041
Reference: XF:brs-webweaver-file-access(10467)
Reference: URL:http://www.iss.net/security_center/static/10467.php

BRS WebWeaver Web Server 1.01 allows remote attackers to bypass
password protections for files and directories via an HTTP request
containing a "/./" sequence.

Analysis
----------------
ED_PRI CAN-2002-1546 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1549
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021112 Remote Buffer Overflow vulnerability in Light HTTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html
Reference: BID:6162
Reference: URL:http://www.securityfocus.com/bid/6162
Reference: XF:light-httpd-bo(10607)
Reference: URL:http://www.iss.net/security_center/static/10607.php

Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to
execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1549 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1559
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1559
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021101 ion-p.exe allows Remote File Retrieving
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html
Reference: BUGTRAQ:20021101 Re: ion-p.exe allows Remote File Retrieving
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html
Reference: XF:ion-ionp-view-files(10518)
Reference: URL:http://www.iss.net/security_center/static/10518.php
Reference: BID:6091
Reference: URL:http://www.securityfocus.com/bid/6091

Directory traversal vulnerability in ion-p.exe (aka ion-p) allows
remote attackers to read arbitrary files via (1) C: (drive letter) or
(2) .. (dot-dot) sequences in the page parameter.

Analysis
----------------
ED_PRI CAN-2002-1559 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021022 gBook
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html
Reference: BID:6033
Reference: URL:http://www.securityfocus.com/bid/6033
Reference: XF:gbook-mysql-admin-access(10455)
Reference: URL:http://www.iss.net/security_center/static/10455.php

index.php in gBook 1.4 allows remote attackers to bypass
authentication and gain administrative privileges by setting the login
parameter to true.

Analysis
----------------
ED_PRI CAN-2002-1560 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007