CVE-2002-0748

LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html	Exploit Vendor Advisory
http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
http://www.iss.net/security_center/static/8919.php	Vendor Advisory
http://www.osvdb.org/5119
http://www.securityfocus.com/bid/4577	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:national_instruments:labview:5.1.1:::::::*
	cpe:2.3:a:national_instruments:labview:6.0:::::::*
	cpe:2.3:a:national_instruments:labview:6.1:::::::*

History

No history.

Information

Published : 2002-08-12 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-0748

Mitre link : CVE-2002-0748

CVE.ORG link : CVE-2002-0748

JSON object : View

Products Affected

national_instruments

labview

CWE

NVD-CWE-Other

{"id": "CVE-2002-0748", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8919.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5119", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4577", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations."}, {"lang": "es", "value": "LabVIEW Web Server 5.1.1 hasta 6.1 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio mediante una petici\u00f3n GET de HTTP que acaba en dos caracteres de nueva l\u00ednea, en vez de la combinaci\u00f3n esperada (retorno de carro + nueva l\u00ednea)."}], "lastModified": "2008-09-05T20:28:50.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:national_instruments:labview:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0414122B-69F6-4634-91E0-356EB8C218F5"}, {"criteria": "cpe:2.3:a:national_instruments:labview:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EA20D27-ED92-49CA-9BA5-C75C664F8BF6"}, {"criteria": "cpe:2.3:a:national_instruments:labview:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA2673D0-B731-4596-8C79-020A2ECBF2BE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}