Weekly Vulnerabilities Reports > February 3 to 9, 2003

Overview

19 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 20 products from 13 vendors including Apache, Microsoft, GNU, Freebsd, and ISC. Vulnerabilities are notably categorized as and "Double Free".

  • 16 reported vulnerabilities are remotely exploitables.
  • 19 reported vulnerabilities are exploitable by an anonymous user.
  • Apache has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Celestial Software has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-02-06 CVE-2003-1090 Celestial Software Buffer Overflow vulnerability in Celestial Software Absolutetelnet 2.0/2.11

Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.

10.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-02-07 CVE-2003-0037 Noffle Remote Memory Corruption vulnerability in Noffle

Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.

7.5
2003-02-07 CVE-2003-0016 Apache Unspecified vulnerability in Apache Http Server

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.

7.5
2003-02-07 CVE-2003-0015 Freebsd
CVS
Double Free vulnerability in multiple products

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

7.5
2003-02-07 CVE-2003-0003 Microsoft Buffer Overflow vulnerability in Microsoft Windows Locator Service

Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.

7.5
2003-02-07 CVE-2003-0035 Robert Krawitz Local Printer Name Buffer Overflow vulnerability in Robert Krawitz Escputil 1.15.2.2

Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.

7.2
2003-02-07 CVE-2003-0034 Jean Jacques Sarton Buffer Overflow vulnerability in Jean-Jacques Sarton Mtink 0.9.32/0.9.33/0.9.52

Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.

7.2

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-02-07 CVE-2003-0044 Apache Cross-Site Scripting vulnerability in Apache Tomcat Example Web Application

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

6.8
2003-02-07 CVE-2003-0002 Microsoft Cross-Site Scripting vulnerability in Microsoft Content Management Server 2001

Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.

6.8
2003-02-07 CVE-2003-0036 Rildo Pragana Local Security vulnerability in Ml85p

ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".

6.2
2003-02-07 CVE-2003-0045 Apache Denial-Of-Service vulnerability in Tomcat

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

5.0
2003-02-07 CVE-2003-0043 Apache Unspecified vulnerability in Apache Tomcat

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

5.0
2003-02-07 CVE-2003-0042 Apache Unspecified vulnerability in Apache Tomcat

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

5.0
2003-02-07 CVE-2003-0039 ISC Unspecified vulnerability in ISC Dhcpd 3.0.1

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

5.0
2003-02-07 CVE-2003-0027 SUN Unspecified vulnerability in SUN Solaris and Sunos

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

5.0
2003-02-07 CVE-2003-0017 Apache Unspecified vulnerability in Apache Http Server

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

5.0
2003-02-07 CVE-2003-0007 Microsoft Unspecified vulnerability in Microsoft Outlook 2002

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."

5.0
2003-02-07 CVE-2002-1252 Peoplesoft Remote File Disclosure vulnerability in PeopleSoft XML External Entity

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

5.0
2003-02-07 CVE-2003-0038 GNU Cross-Site Scripting vulnerability in GNU Mailman 2.1

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS