
[PROPOSAL] Cluster RECENT-91 - 54 candidates



I am proposing cluster RECENT-91 for review and voting by the
Editorial Board.

Name: RECENT-91
Description: Candidates announced between 3/22/2002 and 4/10/2002
Size: 54

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020521
Category: SF
Reference: BUGTRAQ:20020327 Xchat /dns command execution vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2
Reference: REDHAT:RHSA-2002:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-097.html
Reference: XF:xchat-dns-execute-commands(8704)
Reference: URL:http://www.iss.net/security_center/static/8704.php
Reference: BID:4376
Reference: URL:http://www.securityfocus.com/bid/4376

Xchat IRC client allows remote attackers to execute arbitrary commands
via a /dns command on a host whose DNS reverse lookup contains shell
metacharacters.

Analysis
----------------
ED_PRI CAN-2002-0382 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers
Reference: URL:http://www.securityfocus.com/archive/1/264041
Reference: CONFIRM:http://instantwebmail.sourceforge.net/#changeLog
Reference: XF:instant-webmail-pop-commands(8650)
Reference: URL:http://www.iss.net/security_center/static/8650.php
Reference: BID:4361
Reference: URL:http://www.securityfocus.com/bid/4361

Instant Web Mail before 0.60 does not properly filter CR/LF sequences,
which allows remote attackers to (1) execute arbitrary POP commands
via the id parameter in message.php, or (2) modify certain mail
message headers via numerous parameters in write.php.

Analysis
----------------
ED_PRI CAN-2002-0490 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the change log for version 0.60, dated March 17,
2002, says "For security reasons it is no longer possible to write
extra headers besides the normal ones when composing messages."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0494
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug
Reference: URL:http://www.securityfocus.com/archive/1/263914
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389
Reference: BID:4357
Reference: URL:http://www.securityfocus.com/bid/4357
Reference: XF:websight-directory-system-css(8624)
Reference: URL:http://www.iss.net/security_center/static/8624.php

Cross-site scripting vulnerability in WebSight Directory System 0.1
allows remote attackers to execute arbitrary Javascript and gain
access to the WebSight administrator via a new link submission
containing the script in a website name.

Analysis
----------------
ED_PRI CAN-2002-0494 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: A news item posted by the vendor titled "Important
security fix!", dated 20020325, says "the problem was that in the
administration area, there was no prevention from javascripts etc to
being executed," and credits the poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0501
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 Format String Bug in Posadis DNS Server
Reference: URL:http://online.securityfocus.com/archive/1/264450
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094
Reference: XF:posadis-logging-format-string(8653)
Reference: URL:http://www.iss.net/security_center/static/8653.php
Reference: BID:4378
Reference: URL:http://www.securityfocus.com/bid/4378

Format string vulnerability in log_print() function of Posadis DNS server before
version m5pre2 allows local users and possibly remote attackers to
execute arbitrary code via format strings that are inserted into
logging messages.

Analysis
----------------
ED_PRI CAN-2002-0501 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: a vendor announcement fixes the vulnerability "As
reported on Bugtraq March 27 2002."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0505
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails
Reference: URL:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
Reference: XF:cisco-cti-memory-leak(8655)
Reference: URL:http://www.iss.net/security_center/static/8655.php
Reference: BID:4370
Reference: URL:http://www.securityfocus.com/bid/4370

Memory leak in the Call Telephony Integration (CTI) Framework
authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows
remote attackers to cause a denial of service (crash and reload) via a
series of authentication failures, e.g. via incorrect passwords.

Analysis
----------------
ED_PRI CAN-2002-0505 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 vuln in wwwisis: remote command execution and get files
Reference: URL:http://online.securityfocus.com/archive/1/264682
Reference: BUGTRAQ:20020402 RE: [VulnWatch] vuln in wwwisis: remote command execution and get files
Reference: URL:http://online.securityfocus.com/archive/1/265456
Reference: CONFIRM:http://www.bireme.br/security.htm
Reference: BID:4384
Reference: URL:http://www.securityfocus.com/bid/4384
Reference: XF:wwwisis-remote-command-execution(8660)
Reference: URL:http://www.iss.net/security_center/static/8660.php
Reference: BID:4383
Reference: URL:http://www.securityfocus.com/bid/4383
Reference: VULNWATCH:20020328 [VulnWatch] vuln in wwwisis: remote command execution and get files
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0077.html

wwwisis 3.45 and earlier allows remote attackers to execute arbitrary
commands and read files via the parameters (1) prolog or (2) epilog.

Analysis
----------------
ED_PRI CAN-2002-0508 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CD:SF-LOC suggests doing a SPLIT when problems of
different types are reported. However, in this case, there is
insufficient detail to know whether the command execution and file
read issues stem from different problems or not. While file reading
and command execution are normally due to separate issues, the patches
suggested by the vendor imply a single issue, namely that the prolog
and epilog variables were not specified as special CGI variables.
ACKNOWLEDGEMENT: An advisory on the vendor web site says "The security
issue reported by Mr. Klaus Ripke [the discloser] exists. It affects
only wwwisis 3.x." Additional details are then provided.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0511
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CALDERA:CSSA-2002-013.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt
Reference: XF:nscd-dns-ptr-validation(8745)
Reference: URL:http://www.iss.net/security_center/static/8745.php
Reference: BID:4399
Reference: URL:http://www.securityfocus.com/bid/4399

The default configuration of Name Service Cache Daemon (nscd) in
Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of
consulting the authoritative DNS server for the A record, which could
make it easier for remote attackers to bypass applications that
restrict access based on host names.

Analysis
----------------
ED_PRI CAN-2002-0511 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0512
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CALDERA:CSSA-2002-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt
Reference: BID:4400
Reference: URL:http://www.securityfocus.com/bid/4400

startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the
LD_LIBRARY_PATH environment variable to include the current working
directory, which could allow local users to gain privileges of other
users running startkde via Trojan horse libraries.

Analysis
----------------
ED_PRI CAN-2002-0512 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise
Reference: URL:http://online.securityfocus.com/archive/1/265438
Reference: CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14
Reference: XF:symatec-popper-admin-access(8746)
Reference: URL:http://www.iss.net/security_center/static/8746.php
Reference: BID:4412
Reference: URL:http://www.securityfocus.com/bid/4412

The PHP administration script in popper_mod 1.2.1 and earlier relies
on Apache .htaccess authentication, which allows remote attackers to
gain privileges if the script is not appropriately configured by the
administrator.

Analysis
----------------
ED_PRI CAN-2002-0513 1
Vendor Acknowledgement: yes

INCLUSION: Whether this dependency on .htaccess is a design problem or
a configuration problem, this issue meets the definition of
vulnerability and should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0531
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 emumail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
Reference: CONFIRM:http://www.emumail.com/downloads/download_unix.html/
Reference: XF:emumail-cgi-view-files(8766)
Reference: URL:http://www.iss.net/security_center/static/8766.php
Reference: BID:4435
Reference: URL:http://www.securityfocus.com/bid/4435

Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x
and 5.1.0 allows remote attackers to read arbitrary files or list
arbitrary directories via a .. (dot dot) in the type parameter.

Analysis
----------------
ED_PRI CAN-2002-0531 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the download page for Webmail includes a statement
dated April 11, 2002, which says "This patch corrects a security flaw
in EMU Webmail which may allow remote users to exploit emumail.cgi
under certain conditions to read files on the remote system."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
Reference: CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24
Reference: BID:4466
Reference: URL:http://www.securityfocus.com/bid/4466
Reference: XF:abyss-unicode-directory-traversal(8805)
Reference: URL:http://www.iss.net/security_center/static/8805.php

Directory traversal vulnerability in Aprelium Abyss Web Server
(abyssws) before 1.0.0.2 allows remote attackers to read files outside
the web root, including the abyss.conf file, via URL-encoded .. (dot
dot) sequences in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0543 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: a posting to a vendor forum titled "Patched release
1.0.0.2" and dated 20020408 says that the patch is "against some form
of dot-dot URLs refering to an aliased directory and that can allow
people to read abyss.conf file."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CISCO:20020409 Aironet Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml
Reference: BID:4461
Reference: URL:http://www.securityfocus.com/bid/4461
Reference: XF:cisco-aironet-telnet-dos(8788)
Reference: URL:http://www.iss.net/security_center/static/8788.php

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers
to cause a denial of service (reboot) via a series of login attempts
with invalid usernames and passwords.

Analysis
----------------
ED_PRI CAN-2002-0545 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0516
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
Reference: BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
Reference: BID:4385
Reference: URL:http://www.securityfocus.com/bid/4385
Reference: XF:squirrelmail-theme-command-execution(8671)
Reference: URL:http://www.iss.net/security_center/static/8671.php

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users
to execute arbitrary commands by modifying the THEME variable in a
cookie.

Analysis
----------------
ED_PRI CAN-2002-0516 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0532
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified)
Reference: URL:http://online.securityfocus.com/archive/1/266930
Reference: XF:emumail-http-host-execute(8836)
Reference: URL:http://www.iss.net/security_center/static/8836.php
Reference: BID:4488
Reference: URL:http://www.securityfocus.com/bid/4488

EMU Webmail allows local users to execute arbitrary programs via a ..
(dot dot) in the HTTP Host header that points to a Trojan horse
configuration file that contains a pageroot specifier that contains
shell metacharacters.

Analysis
----------------
ED_PRI CAN-2002-0532 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: an inquiry was posted to
http://www.emumail.com/support/tech_inquiry.html on June 3, 2002.
Within 24 hours, techprod@emumail.com confirmed the vulnerability:
"Yes this has been fixed...there is an update patch for 4.5 and 5.1 on
our website.  Known versions that are affected are 4.5 and 5.x, 4.0
and earlier version may be affected/"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
Reference: BUGTRAQ:20020411 Re: SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html
Reference: XF:phpgroupware-sql-injection(8755)
Reference: URL:http://www.iss.net/security_center/static/8755.php
Reference: BID:4424
Reference: URL:http://www.securityfocus.com/bid/4424

PHPGroupware 0.9.12 and earlier, when running with the
magic_quotes_gpc feature disabled, allows remote attackers to
compromise the database via a SQL injection attack.

Analysis
----------------
ED_PRI CAN-2002-0536 2
Vendor Acknowledgement: yes followup

INCLUSION: a followup from the vendor indicates that the issue is due
to a non-default configuration of magic_quotes_gpc in phpGroupWare's
configuration file. While this could be attributed to an apparent
limitation of PHP itself (since the quotes apparently can't be cleanly
enabled within the PHP programs themselves?), this vendor did not work
around this issue, so the problem should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
Reference: XF:winamp-mp3-browser-css(8753)
Reference: URL:http://www.iss.net/security_center/static/8753.php
Reference: BID:4414
Reference: URL:http://www.securityfocus.com/bid/4414

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78
and 2.79 allows remote attackers to execute script via an ID3v1 or
ID3v2 tag in an MP3 file.

Analysis
----------------
ED_PRI CAN-2002-0546 2
Vendor Acknowledgement: yes followup

ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says
"minibrowser security fix," but it is not clear that the vendor is
fixing *this* vulnerability, as there are several issues that affect
2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly
CAN-2002-0284).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/264897
Reference: BID:4394
Reference: URL:http://www.securityfocus.com/bid/4394
Reference: XF:zeroforum-img-css(8702)
Reference: URL:http://www.iss.net/security_center/static/8702.php

Cross-site scripting vulnerability in ZeroForum allows remote
attackers to execute arbitrary Javascript on web clients by embedding
the script within an IMG image tag.

Analysis
----------------
ED_PRI CAN-2002-0474 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/6W00Q202UM.html
Reference: XF:phpbb-cross-site-scripting(7459)
Reference: URL:http://www.iss.net/security_center/static/7459.php
Reference: BID:4379
Reference: URL:http://www.securityfocus.com/bid/4379

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows
remote attackers to execute arbitrary Javascript on web clients by
embedding the script within an IMG image tag while editing a message.

Analysis
----------------
ED_PRI CAN-2002-0475 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020321 Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0285.html
Reference: BID:4348
Reference: URL:http://www.securityfocus.com/bid/4348
Reference: XF:netsupport-manager-directory-traversal(8610)
Reference: URL:http://www.iss.net/security_center/static/8610.php

Directory traversal vulnerability in PCI Netsupport Manager before
version 7, when running web extensions, allows remote attackers to
read arbitrary files via a .. (dot dot) in the HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-0482 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020322 One more way to bypass NAV
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101684260510079&w=2
Reference: BUGTRAQ:20020322 One more way to bypass NAV
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101681724810317&w=2

Norton Anti-Virus (NAV) allows remote attackers to bypass content
filtering via attachments whose Content-Type and Content-Disposition
headers are mixed upper and lower case, which is ignored by some mail
clients.

Analysis
----------------
ED_PRI CAN-2002-0485 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0486
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020322 Xpede passwords exposed (2 vuln.)
Reference: URL:http://www.securityfocus.com/archive/1/263485
Reference: BID:4344
Reference: URL:http://www.securityfocus.com/bid/4344
Reference: XF:xpede-password-weak-encryption(8614)

Intellisol Xpede 4.1 uses weak encryption to store authentication
information in cookies, which could allow local users with access to
the cookies to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0486 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different
issues. While the plaintext password and weak encryption are both
related to cryptography, they are different types of cryptography
errors: one, a lack of crypto when it was needed, and the other, a
weak algorithm. Therefore, the two issues should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0487
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020322 Xpede passwords exposed (2 vuln.)
Reference: URL:http://www.securityfocus.com/archive/1/263485
Reference: BID:4346
Reference: URL:http://www.securityfocus.com/bid/4346
Reference: XF:xpede-reauth-plaintext-password(8612)
Reference: URL:http://www.iss.net/security_center/static/8612.php

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript
"session timeout" re-authentication capability, which could allow
local users with access to gain privileges of other Xpede users by
reading the password from the source file, e.g. from the browser's
cache.

Analysis
----------------
ED_PRI CAN-2002-0487 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, DESIGN-WEAK-ENCRYPTION

ABSTRACTION: CD:SF-LOC suggests distinguishing between different
issues. While the plaintext password and weak encryption are both
related to cryptography, they are different types of cryptography
errors: one, a lack of crypto when it was needed, and the other, a
weak algorithm. Therefore, the two issues should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0491
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0491
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020324 Cookie vulnerability in Alguest guestbook (PHP)
Reference: URL:http://www.securityfocus.com/archive/1/263902
Reference: XF:alguest-php-admin-access(8623)
Reference: URL:http://www.iss.net/security_center/static/8623.php
Reference: BID:4355
Reference: URL:http://www.securityfocus.com/bid/4355

admin.php in AlGuest 1.0 guestbook checks for the existence of the
admin cookie to authenticate the AlGuest administrator, which allows
remote attackers to bypass the authentication and gain privileges by
setting the admin cookie to an arbitrary value.

Analysis
----------------
ED_PRI CAN-2002-0491 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0492
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 dcshop.cgi anybody can delete *.setup for database
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0302.html

dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete
arbitrary setup files via a null character in the database parameter.

Analysis
----------------
ED_PRI CAN-2002-0492 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests excluding beta software from CVE unless
it is "permanent beta" or otherwise widespread. This software has been
available in beta since 1999, so it should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0493
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 re: Tomcat Security Exposure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101709002410365&w=2
Reference: MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E

Apache Tomcat may be started without proper security settings if
errors are encountered while reading the web.xml file, which could
allow attackers to bypass intended restrictions.

Analysis
----------------
ED_PRI CAN-2002-0493 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0495
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
Reference: URL:http://www.securityfocus.com/archive/1/264169
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
Reference: BID:4368
Reference: URL:http://www.securityfocus.com/bid/4368
Reference: XF:cssearch-url-execute-commands(8636)
Reference: URL:http://www.iss.net/security_center/static/8636.php

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to
execute arbitrary Perl code via the savesetup command and the setup
parameter, which overwrites the setup.cgi configuration file that is
loaded by csSearch.cgi.

Analysis
----------------
ED_PRI CAN-2002-0495 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: On the csSearch Pro web page, the vendor states
"Security Alert: We recently discovered vulnerabilities in csSearch
versions 2.3 and below. Please download and install csSearch 2.5 to
correct the problem." This is not enough detail to be certain that the
vendor is addressing this particular vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0496
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020326 SouthWest Telnet talker server. DoS (Denial of Service Attack).
Reference: URL:http://www.securityfocus.com/archive/1/264168
Reference: XF:southwest-http-port-dos(8626)
Reference: URL:http://www.iss.net/security_center/static/8626.php
Reference: BID:4362
Reference: URL:http://www.securityfocus.com/bid/4362

The HTTP server for SouthWest Talker server 1.0.0 allows remote
attackers to cause a denial of service (server crash) via a malformed
URL to port 5002.

Analysis
----------------
ED_PRI CAN-2002-0496 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0498
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: BUGTRAQ:20020326 Etnus TotalView 5.
Reference: URL:http://www.securityfocus.com/archive/1/264085
Reference: BID:4365
Reference: URL:http://www.securityfocus.com/bid/4365
Reference: XF:totalview-insecure-privileges(8635)
Reference: URL:http://www.iss.net/security_center/static/8635.php

Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID
59, which could allow local users with that UID or GID to modify the
files and gain privileges as other TotalView users.

Analysis
----------------
ED_PRI CAN-2002-0498 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0499
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020326 d_path() truncating excessive long path name vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/264117
Reference: MISC:http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
Reference: BID:4367
Reference: URL:http://www.securityfocus.com/bid/4367
Reference: XF:linux-dpath-truncate-path(8634)
Reference: URL:http://www.iss.net/security_center/static/8634.php
Reference: VULNWATCH:20020326 [VulnWatch] d_path() truncating excessive long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and
earlier, truncates long pathnames without generating an error, which
could allow local users to force programs to perform inappropriate
operations on the wrong directories.

Analysis
----------------
ED_PRI CAN-2002-0499 3
Vendor Acknowledgement:

INCLUSION: the risks of this issue are not well understood, and there
are no explicit exploit scenarios as of this writing (20020522), so
this issue is presently theoretical.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020326 Retrieving information on local files in IE (GM#003-IE)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html
Reference: BID:4371
Reference: URL:http://www.securityfocus.com/bid/4371
Reference: XF:ie-dynsrc-information-disclosure(8658)
Reference: URL:http://www.iss.net/security_center/static/8658.php

Internet Explorer 5.0 through 6.0 allows remote attackers to determine
the existence of files on the client via an IMG tag with a dynsrc
property that references the target file, which sets certain elements
of the image object such as file size.

Analysis
----------------
ED_PRI CAN-2002-0500 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0503
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 Citrix Nfuse directory traversal with boilerplate.asp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0343.html
Reference: BID:4382
Reference: URL:http://www.securityfocus.com/bid/4382
Reference: XF:nfuse-boilerplate-directory-traversal(8654)
Reference: URL:http://www.iss.net/security_center/static/8654.php

Directory traversal vulnerability in boilerplate.asp for Citrix NFuse
1.5 allows remote authenticated users to read arbitrary files via a ..
(dot dot) in the NFuse_Template parameter.

Analysis
----------------
ED_PRI CAN-2002-0503 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0504
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 NFuse Cross Site Scripting vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html
Reference: BID:4372
Reference: URL:http://www.securityfocus.com/bid/4372
Reference: XF:nfuse-launch-css(8659)
Reference: URL:http://www.iss.net/security_center/static/8659.php

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier
does not quote results from the getLastError method, which allows
remote attackers to execute script in other clients via the
NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.

Analysis
----------------
ED_PRI CAN-2002-0504 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 A possible buffer overflow in libnewt
Reference: URL:http://online.securityfocus.com/archive/1/264699
Reference: XF:libnewt-bo(8700)
Reference: URL:http://www.iss.net/security_center/static/8700.php
Reference: BID:4393
Reference: URL:http://www.securityfocus.com/bid/4393

Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33
and earlier may allow attackers to cause a denial of service or
execute arbitrary code in programs that use libnewt.

Analysis
----------------
ED_PRI CAN-2002-0506 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0507
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 Authentication with RSA SecurID and Outlook web access
Reference: URL:http://online.securityfocus.com/archive/1/264705
Reference: BID:4390
Reference: URL:http://www.securityfocus.com/bid/4390
Reference: XF:exchange-owa-securid-bypass(8681)
Reference: URL:http://www.iss.net/security_center/static/8681.php

An interaction between Microsoft Outlook Web Access (OWA) and RSA
SecurID allows local users to bypass the SecurID authentication for a
previous user via several submissions of an OWA Authentication request
with the proper OWA password for the previous user, which is
eventually accepted by OWA.

Analysis
----------------
ED_PRI CAN-2002-0507 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 Oracle9i TSN DoS Attack
Reference: URL:http://online.securityfocus.com/archive/1/264697
Reference: BID:4391
Reference: URL:http://www.securityfocus.com/bid/4391
Reference: XF:oracle-tns-onetcp-dos(8657)
Reference: URL:http://www.iss.net/security_center/static/8657.php

Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1
allows remote attackers to cause a denial of service (CPU consumption)
via a single malformed TCP packet to port 1521.

Analysis
----------------
ED_PRI CAN-2002-0509 3
Vendor Acknowledgement:

ABSTRACTION: a followup post suggests that this issue is similar to,
or the same as, another DoS that affected Oracle 8, announced to
Bugtraq on 20010418.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020331 packet filter fingerprinting(open but closed, closed but filtered)
Reference: URL:http://www.securityfocus.com/archive/1/265188
Reference: BID:4401
Reference: URL:http://www.securityfocus.com/bid/4401
Reference: XF:firewall-rst-fingerprint(8738)
Reference: URL:http://www.iss.net/security_center/static/8738.php

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the
RST packet, which allows remote attackers to determine if a port is
being filtered because the TTL is different than the default TTL.

Analysis
----------------
ED_PRI CAN-2002-0514 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020331 packet filter fingerprinting(open but closed, closed but filtered)
Reference: URL:http://www.securityfocus.com/archive/1/265188
Reference: BID:4403
Reference: URL:http://www.securityfocus.com/bid/4403
Reference: XF:firewall-rst-fingerprint(8738)
Reference: URL:http://www.iss.net/security_center/static/8738.php

IPFilter 3.4.25 and earlier sets a different TTL when a port is being
filtered than when it is not being filtered, which allows remote
attackers to identify filtered ports by comparing TTLs.

Analysis
----------------
ED_PRI CAN-2002-0515 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: BID:4475
Reference: URL:http://www.securityfocus.com/bid/4475
Reference: XF:aspnuke-image-css(8829)
Reference: URL:http://www.iss.net/security_center/static/8829.php

Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke
RC1 allows remote attackers to execute script as other ASP-Nuke users
by embedding it within an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0520 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives
an announcement dated April 8, 2002, whose meaning is sufficiently
clear to indicate acknowledgement: "Thanks to frog-man, I could put
the finger on several faults of safety on the Web site, now filled."
ABSTRACTION: CD:SF-LOC suggests that problems should be SPLIT if they
appear in different versions. Thus, the CSS issues in RC1 (IMG tags)
are SPLIT from the CSS issues in RC2 (downloads.asp, Post.asp,
profile.asp).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0521
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: BID:4481
Reference: URL:http://www.securityfocus.com/bid/4481
Reference: XF:aspnuke-downloads-post-css(8830)
Reference: URL:http://www.iss.net/security_center/static/8830.php
Reference: XF:aspnuke-user-profile-css(8831)
Reference: URL:http://www.iss.net/security_center/static/8831.php
Reference: BID:4477
Reference: URL:http://www.securityfocus.com/bid/4477

Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow
remote attackers to execute script or gain privileges as other
ASP-Nuke users via script in (1) the name parameter in downloads.asp,
(2) the message parameter in Post.asp, or (3) a web site URL in
profile.asp.

Analysis
----------------
ED_PRI CAN-2002-0521 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives
an announcement dated April 8, 2002, whose meaning is sufficiently
clear to indicate acknowledgement: "Thanks to frog-man, I could put
the finger on several faults of safety on the Web site, now filled."
ABSTRACTION: CD:SF-LOC suggests that problems should be SPLIT if they
appear in different versions. Thus, the CSS issues in RC1 (IMG tags)
are SPLIT from the CSS issues in RC2 (downloads.asp, Post.asp,
profile.asp).
ABSTRACTION: CD:SF-LOC suggests a SPLIT if problems are of different
types. SecurityFocus appears to distinguish between "cross-agent
scripting" (injecting HTML/script into a web page) and "cross-site
scripting" (injecting HTML/script into a link). However, while the
results and attack vectors are slightly different, the underlying
cause is still the same: not properly filtering or quoting HTML/script
characters that are echoed back to other users.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0522
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-account-hijacking(8832)
Reference: URL:http://www.iss.net/security_center/static/8832.php
Reference: BID:4484
Reference: URL:http://www.securityfocus.com/bid/4484

ASP-Nuke RC2 and earlier allows remote attackers to bypass
authentication and gain privileges by modifying the "pseudo" cookie.

Analysis
----------------
ED_PRI CAN-2002-0522 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives
an announcement dated April 8, 2002, whose meaning is sufficiently
clear to indicate acknowledgement: "Thanks to frog-man, I could put
the finger on several faults of safety on the Web site, now filled."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-cookie-reveal-information(8833)
Reference: URL:http://www.iss.net/security_center/static/8833.php
Reference: BID:4489
Reference: URL:http://www.securityfocus.com/bid/4489

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in
users by submitting an invalid "pseudo" cookie.

Analysis
----------------
ED_PRI CAN-2002-0523 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives
an announcement dated April 8, 2002, whose meaning is sufficiently
clear to indicate acknowledgement: "Thanks to frog-man, I could put
the finger on several faults of safety on the Web site, now filled."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-cookie-reveal-information(8833)
Reference: URL:http://www.iss.net/security_center/static/8833.php
Reference: BID:4489
Reference: URL:http://www.securityfocus.com/bid/4489

ASP-Nuke RC2 and earlier allows remote attackers to determine the
absolute path of the server by (1) calling database-inc.asp with
incorrect cookies, or (2) calling Post.asp with certain arguments,
which leak the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-0524 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives
an announcement dated April 8, 2002, whose meaning is sufficiently
clear to indicate acknowledgement: "Thanks to frog-man, I could put
the finger on several faults of safety on the Web site, now filled."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0527
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020408 KPMG-2002007: Watchguard SOHO Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/266380
Reference: BID:4447
Reference: URL:http://www.securityfocus.com/bid/4447
Reference: XF:watchguard-soho-ipoptions-dos(8774)
Reference: URL:http://www.iss.net/security_center/static/8774.php
Reference: VULNWATCH:20020408 [VulnWatch] KPMG-2002007: Watchguard SOHO Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0006.html

Watchguard SOHO firewall before 5.0.35 allows remote attackers to
cause a denial of service (crash and reboot) when SOHO forwards a
packet with bad IP options.

Analysis
----------------
ED_PRI CAN-2002-0527 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0528
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
Reference: URL:http://online.securityfocus.com/archive/1/266948
Reference: XF:watchguard-soho-bypass-restrictions(8814)
Reference: URL:http://www.iss.net/security_center/static/8814.php
Reference: BID:4491
Reference: URL:http://www.securityfocus.com/bid/4491
Reference: VULNWATCH:20020410 [VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0009.html

Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP
restrictions for customized services that were set before the
administrator upgrades to 5.0.35, which could allow remote attackers
to bypass the intended access control rules.

Analysis
----------------
ED_PRI CAN-2002-0528 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0530
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://www.securityfocus.com/archive/1/266888
Reference: VULNWATCH:20020410 [VulnWatch] Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0010.html

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows
remote attackers to execute arbitrary script as other Web Search users
via the search parameter.

Analysis
----------------
ED_PRI CAN-2002-0530 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0533
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101794993119738&w=2
Reference: BUGTRAQ:20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/265798
Reference: XF:phpbb-bbcode-function-dos(8764)
Reference: URL:http://www.iss.net/security_center/static/8764.php
Reference: BID:4432
Reference: URL:http://www.securityfocus.com/bid/4432
Reference: BID:4434
Reference: URL:http://www.securityfocus.com/bid/4434
Reference: VULNWATCH:20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a
denial of service (CPU consumption) and corrupt the database via null
\0 characters within [code] tags.

Analysis
----------------
ED_PRI CAN-2002-0533 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ABSTRACTION: CD:SF-CODEBASE suggests that if the same issue is in
multiple products that stem from the same codebase, then the issue
should be combined. In this case, the same issue appears in both phpBB
and PostBoard. While the discloser of the PostBoard issue says that it
looks like the code was cut-and-pasted from phpBB, there is no
independent evidence that the two products are linked (e.g., there are
no vendor statements to this effect). So, the two issues have been
SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:http://www.aprelium.com/news/abws103.html
Reference: BID:4467
Reference: URL:http://www.securityfocus.com/bid/4467

Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the
administrative console password in plaintext in the abyss.conf file,
which allows local users with access to the file to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0544 3
Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

ACKNOWLEDGEMENT: the vendor's change log for version 1.0.3, dated June
3, 2002, says "The console access password is stored encrypted in the
configuration file."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020426 Mp3 file can execute code in Winamp [Sandblad advisory #5]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html
Reference: MISC:http://www.winamp.com/download/newfeatures.jhtml
Reference: BID:4609
Reference: URL:http://www.securityfocus.com/bid/4609
Reference: XF:winamp-mp3-id3v2-bo(8946)
Reference: URL:http://www.iss.net/security_center/static/8946.php

Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a long string in the title field of an
ID3v2 tag.

Analysis
----------------
ED_PRI CAN-2002-0547 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says
"minibrowser security fix," but it is not clear that the vendor is
fixing *this* vulnerability, as there are several issues that affect
2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly
CAN-2002-0284).  An inquiry was sent to
http://www.winamp.com/support/feedback_fereal.jhtml on June 3, 2002,
with a request ID of 798504.  A response was received 20020607 from
support@winamp.com, asking me to resubmit at
http://www.winamp.com/nsdn/home/feedback.jhtml, which was done
20020607.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0548
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020406 Anthill login and JavaScript vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
Reference: XF:anthill-postbug-auth-bypass(8771)
Reference: URL:http://www.iss.net/security_center/static/8771.php
Reference: BID:4443
Reference: URL:http://www.securityfocus.com/bid/4443

Anthill allows remote attackers to bypass authentication and file bug
reports by directly accessing the postbug.php program instead of
enterbug.php.

Analysis
----------------
ED_PRI CAN-2002-0548 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0549
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020406 Anthill login and JavaScript vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
Reference: XF:anthill-bug-tracking-css(8770)
Reference: URL:http://www.iss.net/security_center/static/8770.php
Reference: BID:4442
Reference: URL:http://www.securityfocus.com/bid/4442

Cross-site scripting vulnerabilities in Anthill allow remote attackers
to execute script as other Anthill users.

Analysis
----------------
ED_PRI CAN-2002-0549 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0550
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
Reference: XF:dynamic-guestbook-command-execution(8762)
Reference: URL:http://www.iss.net/security_center/static/8762.php
Reference: BID:4423
Reference: URL:http://www.securityfocus.com/bid/4423

Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary
code via shell metacharacters in the gbdaten parameter.

Analysis
----------------
ED_PRI CAN-2002-0550 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0551
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
Reference: XF:dynamic-guestbook-css(8763)
Reference: URL:http://www.iss.net/security_center/static/8763.php
Reference: BID:4422
Reference: URL:http://www.securityfocus.com/bid/4422

Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows
remote attackers to execute code in clients who access guestbook pages
via the parameters (1) name, (2) mail, or (3) kommentar.

Analysis
----------------
ED_PRI CAN-2002-0551 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Quik-Serv Web Server v1.1B Arbitrary File Disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0051.html
Reference: BID:4425
Reference: URL:http://www.securityfocus.com/bid/4425
Reference: XF:quikserv-dot-directory-traversal(8754)
Reference: URL:http://www.iss.net/security_center/static/8754.php

Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows
remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Analysis
----------------
ED_PRI CAN-2002-0556 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020407 Typsoft FTP Server: yet another directory traversal vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0090.html
Reference: XF:typsoft-ftp-directory-traversal(6165)
Reference: URL:http://www.iss.net/security_center/static/6165.php
Reference: BID:2489
Reference: URL:http://www.securityfocus.com/bid/2489

Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and
earlier allows a remote authenticated user (possibly anonymous) to
list arbitrary directories via a .. in a LIST (ls) command ending in
wildcard *.* characters.

Analysis
----------------
ED_PRI CAN-2002-0558 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that problems of the same type that
appear in different versions should be SPLIT. In this case, the ../*.*
problem appears in 0.97.1, whereas the .. or ... issues
(CAN-2001-0294) were apparently fixed in 0.85, so these problems
should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007