CVE-2002-0107

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=101052887431488&w=2
http://online.securityfocus.com/archive/1/254167	Exploit Patch Vendor Advisory
http://www.iss.net/security_center/static/7835.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/3841	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cacheflow:cacheos:0.0:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.02:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.03:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.04:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.05:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.06:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.07:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.08:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.09:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.10:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.11:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.12:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.13:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.14:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.15:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.16:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.17:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.18:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.19:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.20:::::::*
	cpe:2.3:a:cacheflow:cacheos:4.0.11:::::::*
	cpe:2.3:a:cacheflow:cacheos:4.0.12:::::::*
	cpe:2.3:a:cacheflow:cacheos:4.0.13:::::::*

History

No history.

Information

Published : 2002-03-25 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-0107

Mitre link : CVE-2002-0107

CVE.ORG link : CVE-2002-0107

JSON object : View

Products Affected

cacheflow

cacheos

CWE

NVD-CWE-Other

{"id": "CVE-2002-0107", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-03-25T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=101052887431488&w=2", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/254167", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/7835.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3841", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message."}, {"lang": "es", "value": "El interfaz web de adminsitraci\u00f3n en CacheFlow CacheOS 4.0.13 y anteriores permite a atacantes remotos obtener informaci\u00f3n sensible mediante una serie de peticiones GET que no terminan con con 'HTTP/1.0' u otra cadena de versi\u00f3n, lo que produce fugas de informaci\u00f3n en el mensaje de error."}], "lastModified": "2016-10-18T02:16:14.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cacheflow:cacheos:0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A43360C0-F97C-4856-B2F0-2054E1283E96"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9508AE48-ACB1-4262-9225-BE82655E433E"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF51C047-A39B-4598-8AB6-A5BCD6544C72"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53C88D9-9F78-4F2B-87AD-700BD7B5167D"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3DC615-974E-41F1-910F-8574A21B4C17"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9CF9F8-CD3C-45BC-8669-FA44C1FA1D8A"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4203A30C-9153-4C89-9604-D7E74861D2CE"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A284B71-00B5-4539-A176-4E231F81BCC0"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4A3FCB-4222-448D-8A89-6A69E757593A"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EB89566-E571-43D4-982B-B860C448F4CC"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD20C05A-7040-4305-808A-E9A0AA1D7E98"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E789A31-05A5-48BD-9B80-192B41D7AAF6"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CFC926C-4463-41BD-A819-4AF19548E982"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539BC4BB-5D6B-444B-B74F-14794F401680"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DFE513C-0EB2-453B-B169-F0B05302372A"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E78563D4-5177-442C-B181-DD84E4D0E991"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1F6FB3F-23D2-4284-BB6E-E6FED09929F9"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FFAB96C-91F8-4244-A41D-1B9FC1015063"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3580F58-C6B7-4A52-888D-45C3FB10CA80"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3884B739-CD22-4D24-8CB4-20D26219C379"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:4.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E1982C-61B6-4BCF-9406-80713CDD021B"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:4.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB5378EB-42E0-4EEF-A658-DD20F21D545E"}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:4.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34E3DB9D-309D-4D03-AD5A-5B74CBB4E24C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}