CVE-2002-1061

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2002-1061
Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9682.php
http://www.iss.net/security_center/static/9683.php
http://www.iss.net/security_center/static/9685.php Vendor Advisory
http://www.iss.net/security_center/static/9686.php Vendor Advisory
http://www.securityfocus.com/bid/5319
http://www.securityfocus.com/bid/5320 Patch Vendor Advisory
http://www.securityfocus.com/bid/5322 Vendor Advisory
http://www.securityfocus.com/bid/5324
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9682.php
http://www.iss.net/security_center/static/9683.php
http://www.iss.net/security_center/static/9685.php Vendor Advisory
http://www.iss.net/security_center/static/9686.php Vendor Advisory
http://www.securityfocus.com/bid/5319
http://www.securityfocus.com/bid/5320 Patch Vendor Advisory
http://www.securityfocus.com/bid/5322 Vendor Advisory
http://www.securityfocus.com/bid/5324
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:t._hauck:jana_web_server:1.0:*:*:*:*:*:*:*
cpe:2.3:a:t._hauck:jana_web_server:1.45:*:*:*:*:*:*:*
cpe:2.3:a:t._hauck:jana_web_server:1.46:*:*:*:*:*:*:*
cpe:2.3:a:t._hauck:jana_web_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:t._hauck:jana_web_server:2.2.1:*:*:*:*:*:*:*
History

20 Nov 2024, 23:40

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html - () http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html -
References () http://www.iss.net/security_center/static/9682.php - () http://www.iss.net/security_center/static/9682.php -
References () http://www.iss.net/security_center/static/9683.php - () http://www.iss.net/security_center/static/9683.php -
References () http://www.iss.net/security_center/static/9685.php - Vendor Advisory () http://www.iss.net/security_center/static/9685.php - Vendor Advisory
References () http://www.iss.net/security_center/static/9686.php - Vendor Advisory () http://www.iss.net/security_center/static/9686.php - Vendor Advisory
References () http://www.securityfocus.com/bid/5319 - () http://www.securityfocus.com/bid/5319 -
References () http://www.securityfocus.com/bid/5320 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/5320 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/5322 - Vendor Advisory () http://www.securityfocus.com/bid/5322 - Vendor Advisory
References () http://www.securityfocus.com/bid/5324 - () http://www.securityfocus.com/bid/5324 -
Information

Published : 2002-10-04 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-1061

Mitre link : CVE-2002-1061

CVE.ORG link : CVE-2002-1061

JSON object : View

Products Affected

t._hauck

  • jana_web_server
CWE
NVD-CWE-Other