CVE-2002-0709

SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=103359690824103&w=2
http://www.iss.net/security_center/static/10245.php
http://www.securityfocus.com/bid/5859

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:surfcontrol:superscout_web_filter:3.0:::::::*
	cpe:2.3:a:surfcontrol:superscout_web_filter:3.0.3:::::::*
	cpe:2.3:a:surfcontrol:web_filter:4.0:::::::*
	cpe:2.3:a:surfcontrol:web_filter:4.1:::::::*

History

No history.

Information

Published : 2002-10-10 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-0709

Mitre link : CVE-2002-0709

CVE.ORG link : CVE-2002-0709

JSON object : View

Products Affected

surfcontrol

web_filter
superscout_web_filter

CWE

NVD-CWE-Other

{"id": "CVE-2002-0709", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-10-10T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=103359690824103&w=2", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10245.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5859", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs."}, {"lang": "es", "value": "Vulnerabilidades de Inyecci\u00f3n de SQL en el Servidor de Informes (Web Reports Server) de SurfControl SuperScout WebFilter permite a los atacantes remotos la ejecuci\u00f3n de consultas SQL arbitrarias, mediante la opci\u00f3n RunReport en SimpleBar.dll, y posiblemente otras DLLs."}], "lastModified": "2016-10-18T02:21:39.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:surfcontrol:superscout_web_filter:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00357092-1EB0-47E0-8F58-6E40D26DCD68"}, {"criteria": "cpe:2.3:a:surfcontrol:superscout_web_filter:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4D1AD52-6B1F-453E-8C01-730B229FF97A"}, {"criteria": "cpe:2.3:a:surfcontrol:web_filter:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94D2D054-356F-469B-A30B-7583FDBC08B9"}, {"criteria": "cpe:2.3:a:surfcontrol:web_filter:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65AAA83F-B6AA-4E48-9AF6-BC2E5AB89DCA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}