Weekly Vulnerabilities Reports > July 8 to 14, 2002
5 new vulnerabilities were reported during this period, including 1 critical vulnerability and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 5 vendors, including Apple, Avaya, Trend Micro, Macromedia, and MOD SSL. Vulnerabilities are notably categorized as .
- 4 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 1 reported vulnerability.
- Macromedia has the most reported critical vulnerabilities, with 1 reported vulnerability.
The following table lists reported vulnerabilities for the period covered by this report:
1 Critical Vulnerability
|2002-07-11||CVE-2002-0665||Macromedia|| Authentication Bypass vulnerability in Macromedia JRun 3.0/3.1/4.0 |
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
3 High Vulnerabilities
|2002-07-11||CVE-2002-0676||Apple|| Unspecified vulnerability in Apple Mac OS X |
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
|2002-07-11||CVE-2002-0637||Trend Micro|| Unspecified vulnerability in Trend Micro InterScan VirusWall 3.52 |
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) "Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
|2002-07-08||CVE-2002-1448||Avaya|| Unspecified vulnerability in Avaya Cajun M770-Atm, Cajun P130 and Cajun P330 |
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
1 Medium Vulnerability
|2002-07-11||CVE-2002-0653||MOD SSL|| Buffer Overflow vulnerability in Mod_SSL Off-By-One HTAccess |
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
0 Low Vulnerabilities