Vulnerabilities > CVE-2002-1903 - Unspecified vulnerability in University of Washington Pine

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

university-of-washington

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	University_Of_Washington University OF Washington Pine 4.21 University OF Washington Pine 4.30 University OF Washington Pine 4.33 University OF Washington Pine 4.44	4

Statements

contributor	Mark J Cox
lastmodified	2006-09-19
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162899 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

Summary

Vulnerable Configurations

Statements

References