CVE-2002-0513

The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://online.securityfocus.com/archive/1/265438	Vendor Advisory
http://www.iss.net/security_center/static/8746.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/4412	Patch Vendor Advisory
http://www.symatec-computer.com/forums/viewtopic.php?t=14	URL Repurposed

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symatec:popper_mod:1.0:::::::*
	cpe:2.3:a:symatec:popper_mod:1.2:::::::*
	cpe:2.3:a:symatec:popper_mod:1.2.1:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.symatec-computer.com/forums/viewtopic.php?t=14 -~~	(CONFIRM) http://www.symatec-computer.com/forums/viewtopic.php?t=14 - URL Repurposed

Information

Published : 2002-08-12 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2002-0513

Mitre link : CVE-2002-0513

CVE.ORG link : CVE-2002-0513

JSON object : View

Products Affected

symatec

popper_mod

CWE

NVD-CWE-Other

{"id": "CVE-2002-0513", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/265438", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8746.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4412", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}, {"lang": "es", "value": "El gui\u00f3n (script) de administraci\u00f3n PHP en popper_mod 1.2.1 y anteriores se basa en autenticaci\u00f3n de Apache con .htaccess, lo que permite a atacantes remotos ganar privilegios si el gui\u00f3n no es configurado adecuadamente por el administrador."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symatec:popper_mod:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8516A639-CBD1-4AAF-868B-5377A9BE9FF3"}, {"criteria": "cpe:2.3:a:symatec:popper_mod:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "188C56B1-4838-4D90-A307-32779C5FC220"}, {"criteria": "cpe:2.3:a:symatec:popper_mod:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "105621FF-74A7-428E-9C56-95DF99B3282F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}