Weekly Vulnerabilities Reports > February 11 to 17, 2002
Overview
5 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 4 products from 4 vendors including Snmp, IBM, Wolfram Research, and Goahead Software. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls".
- 4 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities are exploitable by an anonymous user.
- Snmp has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Snmp has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-13 | CVE-2002-0013 | Snmp | Permissions, Privileges, and Access Controls vulnerability in Snmp. Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. | 10.0 |
2002-02-13 | CVE-2002-0012 | Snmp | Permissions, Privileges, and Access Controls vulnerability in Snmp. Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. | 10.0 |
1 High Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-13 | CVE-2001-1058 | Wolfram Research | Unspecified vulnerability in Wolfram Research Mathematica 4.0/4.1. The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license. | 7.5 |
1 Medium Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-13 | CVE-2002-1603 | Goahead Software | Unspecified vulnerability in Goahead Software Goahead Webserver. GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. | 5.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-13 | CVE-2001-1079 | IBM | Denial-Of-Service vulnerability in IBM AIX 3.2.0. create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. | 3.6 |