CVE-2002-0097

{"id": "CVE-2002-0097", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-03-25T05:00:00.000", "references": [{"url": "http://geeklog.sourceforge.net/index.php?topic=Security", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/249443", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/7869.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3844", "source": "cve@mitre.org"}, {"url": "http://geeklog.sourceforge.net/index.php?topic=Security", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://online.securityfocus.com/archive/1/249443", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/7869.php", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3844", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account."}, {"lang": "es", "value": "Geeklog 1.3 permite al atacante remoto la apropiaci\u00f3n de cuentas de usuario, incluyendo cuentas del administrador, mediante la modificaci\u00f3n del identificador de usuario (UID) de una 'cookie' permanente implantada en la cuenta atacada."}], "lastModified": "2024-11-20T23:38:18.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EE5B106-CE02-4864-A1FB-B18F66876383"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}