Weekly Vulnerabilities Reports > July 8 to 14, 2002

Overview

5 new vulnerabilities were reported during this period, including 1 critical vulnerability and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 5 vendors including Apple, Avaya, Trend Micro, Macromedia, and MOD SSL. Vulnerabilities are notably categorized as .

  • 4 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 1 reported vulnerability.
  • Macromedia has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


1 Critical Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-07-11 | CVE-2002-0665 | Macromedia | Authentication Bypass vulnerability in Macromedia Jrun 3.0/3.1/4.0 | 10.0

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

3 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-07-11 | CVE-2002-0676 | Apple | Unspecified vulnerability in Apple mac OS X | 7.5

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

2002-07-11 | CVE-2002-0637 | Trend Micro | Unspecified vulnerability in Trend Micro Interscan Viruswall 3.52 | 7.5

InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) "Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.

2002-07-08 | CVE-2002-1448 | Avaya | Unspecified vulnerability in Avaya Cajun M770-Atm, Cajun P130 and Cajun P330 | 7.5

An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.

1 Medium Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-07-11 | CVE-2002-0653 | MOD SSL | Buffer Overflow vulnerability in Mod_SSL Off-By-One HTAccess | 4.6

Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

0 Low Vulnerabilities
