Weekly Vulnerabilities Reports > July 8 to 14, 2002
Overview
5 new vulnerabilities were reported during this period, including 1 critical vulnerability and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 5 vendors including Avaya, Apple, Trend Micro, Macromedia, and Modssl. Vulnerabilities are notably categorized as and "Off-by-one Error".
- 4 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- Avaya has the most reported vulnerabilities, with 1 reported vulnerability.
- Macromedia has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-07-11 | CVE-2002-0665 | Macromedia | Authentication Bypass vulnerability in Macromedia Jrun 3.0/3.1/4.0: Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | 10.0 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-07-11 | CVE-2002-0653 | Modssl | Off-by-one Error vulnerability in Modssl MOD SSL: Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | 7.8 |
2002-07-11 | CVE-2002-0676 | Apple | Unspecified vulnerability in Apple mac OS X: SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. | 7.5 |
2002-07-11 | CVE-2002-0637 | Trend Micro | Unspecified vulnerability in Trend Micro Interscan Viruswall 3.52: InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) "Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express. | 7.5 |
2002-07-08 | CVE-2002-1448 | Avaya | Unspecified vulnerability in Avaya Cajun M770-Atm, Cajun P130 and Cajun P330: An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | 7.5 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|