CVE-2002-0896

The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/272582
http://www.iss.net/security_center/static/9100.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/4746	Patch Vendor Advisory
http://online.securityfocus.com/archive/1/272582
http://www.iss.net/security_center/static/9100.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/4746	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:swatch:swatch:3.0.3:::::::*
	cpe:2.3:a:swatch:swatch:3.0.4:::::::*

History

20 Nov 2024, 23:40

Type	Values Removed	Values Added
References	~~() http://online.securityfocus.com/archive/1/272582 -~~	() http://online.securityfocus.com/archive/1/272582 -
References	~~() http://www.iss.net/security_center/static/9100.php - Patch, Vendor Advisory~~	() http://www.iss.net/security_center/static/9100.php - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/4746 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/4746 - Patch, Vendor Advisory

Information

Published : 2002-10-04 04:00

Updated : 2024-11-20 23:40

NVD link : CVE-2002-0896

Mitre link : CVE-2002-0896

CVE.ORG link : CVE-2002-0896

JSON object : View

Products Affected

swatch

swatch

CWE

NVD-CWE-Other

{"id": "CVE-2002-0896", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-10-04T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/272582", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9100.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4746", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/272582", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/9100.php", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/4746", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same \"watchfor\" expression do not occur after the throttle period, which could allow attackers to avoid detection."}], "lastModified": "2024-11-20T23:40:07.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:swatch:swatch:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2ED1FEF-D736-4F4F-9EBB-635354F398B8"}, {"criteria": "cpe:2.3:a:swatch:swatch:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B87D0BD-8BAE-4B03-8ADB-3FBE1F8784EE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}