Weekly Vulnerabilities Reports > February 11 to 17, 2002
5 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 4 products from 4 vendors, including Snmp, IBM, Wolfram Research, and Goahead Software. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls".
- 4 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities are exploitable by an anonymous user.
- Snmp has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Snmp has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
The following table lists the vulnerabilities reported for the period covered by this report:
2 Critical Vulnerabilities
| 2002-02-13 | CVE-2002-0013 | Snmp | Permissions, Privileges, and Access Controls vulnerability in Snmp |
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite.
| 2002-02-13 | CVE-2002-0012 | Snmp | Permissions, Privileges, and Access Controls vulnerability in Snmp |
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite.
1 High Vulnerability
| 2002-02-13 | CVE-2001-1058 | Wolfram Research | Unspecified vulnerability in Wolfram Research Mathematica 4.0/4.1 |
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.
1 Medium Vulnerability
| 2002-02-13 | CVE-2002-1603 | Goahead Software | Unspecified vulnerability in Goahead Software Goahead Webserver |
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
1 Low Vulnerability
| 2002-02-13 | CVE-2001-1079 | IBM | Denial-Of-Service vulnerability in IBM AIX 3.2.0 |
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.