
[PROPOSAL] Cluster RECENT-101 - 53 candidates



I am proposing cluster RECENT-101 for review and voting by the Editorial Board.

Name: RECENT-101
Description: Candidates announced between 2002/07/01 and 2002/07/17
Size: 53

You may vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in priority order. Priority 1 and Priority 2 candidates all have varying levels of vendor acknowledgement, so they should be easy to check and can be trusted to be real problems.

If you find that any RECENT-XX cluster is incomplete with respect to problems discovered during the associated time frame, please send the information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT    - voter accepts the candidate as proposed
NOOP      - voter has no opinion on the candidate
MODIFY    - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST    - candidate must be significantly modified, e.g. split or merged
REJECT    - candidate is "not a vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE:". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly in mapping.

3) Please note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020706 Local root exploit - support full disclosure root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102607688730228&w=2
Reference: VULN-DEV:20020613 Re: Local root exploit - support full disclosure root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102614898620164&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=kde-multimedia&m=102607939232023&w=2

Format string vulnerability in artsd, as called by artswrapper, allows local users to gain privileges via arguments that are passed through a format string, causing an error message that is not properly handled in a call to the arts_fatal function.

Analysis
----------------
ED_PRI CAN-2002-0819 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: BUGTRAQ:20020724 Cross-site scripting vulnerability in Mailman
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
Reference: CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
Reference: REDHAT:RHSA-2002:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-176.html
Reference: REDHAT:RHSA-2002:177
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-177.html
Reference: REDHAT:RHSA-2002:178
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-178.html

Cross-site scripting vulnerability in Mailman 2.0.12 allows remote attackers to execute script as other users via a subscriber's list of subscription options.

Analysis
----------------
ED_PRI CAN-2002-0855 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0995
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 PHPAuction bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
Reference: CONFIRM:http://www.phpauction.org/viewnew.php?id=5
Reference: XF:phpauction-admin-account-creation(9462)
Reference: URL:http://www.iss.net/security_center/static/9462.php
Reference: BID:5141
Reference: URL:http://www.securityfocus.com/bid/5141

login.php in PHPAuction allows remote attackers to gain privileges by directly calling login.php with the action parameter set to "insert", which adds the supplied username to the adminUsers table.

Analysis
----------------
ED_PRI CAN-2002-0995 1
Vendor Acknowledgement: yes advisory

Acknowledgement: The vendor's web site contains an advisory dated the day after the initial Bugtraq post, which states "This fix addresses the admin/login.php file and a possible security hole that could occur without this change. There are now some safety checks added to secure the admin backend."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
Reference: CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
Reference: BID:5144
Reference: URL:http://www.securityfocus.com/bid/5144
Reference: XF:argosoft-dotdot-directory-traversal(9477)
Reference: URL:http://www.iss.net/security_center/static/9477.php

Directory traversal vulnerability in the mailbox functionality of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.

Analysis
----------------
ED_PRI CAN-2002-1004 1
Vendor Acknowledgement: yes changelog

Acknowledgement: The vendor's changelog contains an entry for 1.8.1.6, dated July 3, 2002, which states "Fixed mailbox security problem with reverse directory traversal, discovered by Team N-finite (the Bugtraq reference)."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 ptl-2002-03 Betsie XSS Vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
Reference: CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
Reference: BID:5135
Reference: URL:http://www.securityfocus.com/bid/5135
Reference: XF:betsie-parserl-xss(9468)
Reference: URL:http://www.iss.net/security_center/static/9468.php

Cross-site scripting vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.

Analysis
----------------
ED_PRI CAN-2002-1006 1
Vendor Acknowledgement: yes patch

Acknowledgement: Comments within the parserl.pl script itself (version 1.5.12, dated August 18, 2002) include the statement "fix cross-site scripting vulnerability," and thanks to the original Bugtraq poster at the top of the page.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
Reference: CONFIRM:http://support.inktomi.com/kb/070202-003.html
Reference: BID:5098
Reference: URL:http://www.securityfocus.com/bid/5098
Reference: XF:inktomi-trafficserver-manager-bo(9465)
Reference: URL:http://www.iss.net/security_center/static/9465.php

Buffer overflow in traffic_manager in Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long path argument.

Analysis
----------------
ED_PRI CAN-2002-1013 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#48] RealONE Player Gold/RealJukebox2 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-controlnimage-bo(9538)
Reference: URL:http://www.iss.net/security_center/static/9538.php
Reference: BID:5217
Reference: URL:http://www.securityfocus.com/bid/5217

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RJS skin whose skin.ini file contains a CONTROLnImage parameter with a long value, such as CONTROL1Image.

Analysis
----------------
ED_PRI CAN-2002-1014 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#47] RealONE Player Gold/RealJukebox2 Skin File Download Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-file-download(9539)
Reference: URL:http://www.iss.net/security_center/static/9539.php
Reference: BID:5210
Reference: URL:http://www.securityfocus.com/bid/5210

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allow remote attackers to execute arbitrary script on the local machine by inserting script into the skin section of the skin.ini file in an .rjs archive, then referencing the skin.ini from a web page; after extraction, the file is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

Analysis
----------------
ED_PRI CAN-2002-1015 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020701 [VULNWATCH] KPMG-2002026: Jrun Source Code Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
Reference: BUGTRAQ:20020701 KPMG-2002026: Jrun Source Code Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/280062
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: BID:5134
Reference: URL:http://www.securityfocus.com/bid/5134
Reference: XF:jrun-null-view-source(9459)
Reference: URL:http://www.iss.net/security_center/static/9459.php

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the unparsed JSP file.

Analysis
----------------
ED_PRI CAN-2002-1025 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020708 [VULNWATCH] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
Reference: BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/281046
Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2fdev2dev%2fresourcelibrary%2fadvisoriesnotifications%2fadvisory_BEA02-19.htm
Reference: BID:5159
Reference: URL:http://www.securityfocus.com/bid/5159
Reference: XF:weblogic-race-condition-dos(9486)
Reference: URL:http://www.iss.net/security_center/static/9486.php

Race condition in the Performance Pack for BEA WebLogic Server and Express 5.1, 6.0.x, 6.1.x, and 7.0 allows remote attackers to cause a denial of service (crash) via a large amount of data and connections.

Analysis
----------------
ED_PRI CAN-2002-1030 1
Vendor Acknowledgement: yes advisory

Acknowledgement: The advisory credits KPMG (the Bugtraq reference) with discovering the problem.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://online.securityfocus.com/archive/1/281102
Reference: VULNWATCH:20020707 [VULNWATCH] KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/
Reference: BID:5177
Reference: URL:http://www.securityfocus.com/bid/5177
Reference: XF:kfwebserver-null-view-dir(9500)
Reference: URL:http://www.iss.net/security_center/static/9500.php

KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.

Analysis
----------------
ED_PRI CAN-2002-1031 1
Vendor Acknowledgement: yes changelog

Acknowledgement: The vendor's changelog for 1.0.3, dated July 4, 2002, states: "Security hole - %00. If a requested URL contained a directory name followed by %00, the server would generate an index of the directory's files."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020714 [VULNWATCH] Double Choco Latte Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: BUGTRAQ:20020714 Double Choco Latte Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: XF:dcl-dotdot-directory-traversal(9743)
Reference: URL:http://www.iss.net/security_center/static/9743.php

Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading file attachments from Projects.

Analysis
----------------
ED_PRI CAN-2002-1039 1
Vendor Acknowledgement: yes changelog

Acknowledgement: The vendor's changelog, dated July 6, 2002, states: "Fix to prevent file download spoofing."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 BufferOverflow OmniHTTPd 2.09
Reference: URL:http://online.securityfocus.com/archive/1/280132
Reference: XF:omnihttpd-http-version-bo(9457)
Reference: URL:http://www.iss.net/security_center/static/9457.php
Reference: BID:5136
Reference: URL:http://www.securityfocus.com/bid/5136

Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP version number.

Analysis
----------------
ED_PRI CAN-2002-1035 2
Vendor Acknowledgement: yes followup

Acknowledgement: An inquiry was sent by email to support@omnicron.ca on August 22, 2002; on August 24 the vendor stated that the vulnerability was fixed in version 2.10.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020313
Category: SF
Reference: COMPAQ:SSRT0794
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q3/0009.html
Reference: XF:tru64-ipcs-bo(9613)
Reference: URL:http://www.iss.net/security_center/static/9613.php
Reference: BID:5241
Reference: URL:http://www.securityfocus.com/bid/5241

Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1 may allow attackers to execute arbitrary code, a different vulnerability than CAN-2001-0423.

Analysis
----------------
ED_PRI CAN-2002-0093 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: The advisory is too vague to tell whether it addresses the same problem as CAN-2001-0423. However, Rich Boren confirmed via email that the problem is different.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0992
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: HP:HPSBUX0207-196
Reference: URL:http://online.securityfocus.com/advisories/4258
Reference: XF:hp-ipv6-dce-dos(9475)
Reference: URL:http://www.iss.net/security_center/static/9475.php
Reference: BID:5143
Reference: URL:http://www.securityfocus.com/bid/5143

Unknown vulnerability in the IPv6 functionality of the DCE daemons (1) dced or (2) rpcd in HP-UX 11.11 allows attackers to cause a denial of service (crash) by modifying internal data.

Analysis
----------------
ED_PRI CAN-2002-0992 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-EXEC

INCLUSION: The advisory is too vague to understand the nature of the vulnerability. Also, it does not say whether a local or remote attacker could cause the crash to occur. If the crash cannot be forced, then this would not qualify for inclusion in CVE; we do not have enough information to know one way or the other.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020703 SunPCi II VNC weak authentication scheme weakness
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html
Reference: BID:5146
Reference: URL:http://www.securityfocus.com/bid/5146
Reference: XF:sunpci-vnc-weak-authentication(9476)
Reference: URL:http://www.iss.net/security_center/static/9476.php

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random challenge bytes, which are used as the key for encrypting communications.

Analysis
----------------
ED_PRI CAN-2002-0994 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0996
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 pwc.20020630.nims_modweb.b
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0153.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963051
Reference: BID:5231
Reference: URL:http://www.securityfocus.com/bid/5231
Reference: XF:netmail-web-interface-bo(9560)
Reference: URL:http://www.iss.net/security_center/static/9560.php
Reference: BID:5230
Reference: URL:http://www.securityfocus.com/bid/5230

Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allow remote attackers to possibly cause a denial of service and execute arbitrary code via (1) ModWeb or (2) WebAdmin.

Analysis
----------------
ED_PRI CAN-2002-0996 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: A review of the Novell TID documents for NIMS 3.0.3c versus 3.0.3a indicates that 3.0.3a includes an imapd that 3.0.3c did not change; however, 3.0.3a does not include the WebAdmin or ModWeb binaries. Therefore the WebAdmin/ModWeb vulnerabilities appear in a different version than the imapd problem, so WebAdmin/ModWeb should be split from imapd per CD:SF-EXEC; but WebAdmin/ModWeb should be merged together because they appear in the same version and are the same type of bug.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0997
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 pwc.20020630.nims_3.0.3_imapd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0152.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2962974
Reference: BID:5232
Reference: URL:http://www.securityfocus.com/bid/5232
Reference: XF:netmail-imap-dos(9559)
Reference: URL:http://www.iss.net/security_center/static/9559.php

Buffer overflow in the IMAP agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0997 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: A review of the Novell TID documents for NIMS 3.0.3c versus 3.0.3a indicates that 3.0.3a includes an imapd that 3.0.3c did not change; however, 3.0.3a does not include the WebAdmin or ModWeb binaries. Therefore the WebAdmin/ModWeb vulnerabilities appear in a different version than the imapd problem, so WebAdmin/ModWeb should be split from imapd per CD:SF-EXEC.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0998
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Care 2002 several problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
Reference: CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
Reference: BID:5218
Reference: URL:http://www.securityfocus.com/bid/5218
Reference: XF:care2002-include-read-files(9552)
Reference: URL:http://www.iss.net/security_center/static/9552.php

Directory traversal vulnerability in cafenews.php for Care 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and a null character in the lang parameter, which is processed by an include function call.

Analysis
----------------
ED_PRI CAN-2002-0998 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

Acknowledgement: The front web page for Care 2002 states, "A possible major vulnerability pointed out by avart (at) gmx.de is now patched," and includes a reference that ultimately leads to the Bugtraq post.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0999
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Care 2002 several problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
Reference: CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
Reference: BID:5219
Reference: URL:http://www.securityfocus.com/bid/5219
Reference: XF:care2002-sql-injection(9553)
Reference: URL:http://www.iss.net/security_center/static/9553.php

Multiple SQL injection vulnerabilities in Care 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.

Analysis
----------------
ED_PRI CAN-2002-0999 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA, SF-LOC

Acknowledgement: The front web page for Care 2002 states, "A possible major vulnerability pointed out by avart (at) gmx.de is now patched," and includes a reference that ultimately leads to the Bugtraq post.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0006.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: XF:analogx-proxy-http-bo(9455)
Reference: URL:http://www.iss.net/security_center/static/9455.php
Reference: XF:analogx-proxy-socks4a-bo(9456)
Reference: URL:http://www.iss.net/security_center/static/9456.php
Reference: BID:5138
Reference: URL:http://www.securityfocus.com/bid/5138
Reference: BID:5139
Reference: URL:http://www.securityfocus.com/bid/5139

Buffer overflows in AnalogX Proxy before 4.12 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a very long HTTP request to TCP port 6588 or (2) a SOCKS 4 request to TCP port 1080 with a long DNS hostname.

Analysis
----------------
ED_PRI CAN-2002-1001 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, SF-EXEC

Acknowledgement: The changelog on the vendor's web site contains an entry for version 4.12, "Fixed DNS cache bug reported by Foundstone (the Bugtraq reference)."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020708 Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html
Reference: XF:mywebserver-long-url-bo(9501)
Reference: URL:http://www.iss.net/security_center/static/9501.php
Reference: BID:5184
Reference: URL:http://www.securityfocus.com/bid/5184

Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1003 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 CSS in Blackboard
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0005.html
Reference: XF:blackboard-login-xss(9467)
Reference: URL:http://www.iss.net/security_center/static/9467.php
Reference: BID:5137
Reference: URL:http://www.securityfocus.com/bid/5137

Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the message parameter in index.cgi.

Analysis
----------------
ED_PRI CAN-2002-1007 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Lil' HTTP Pbcgi.cgi XSS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html
Reference: BID:5211
Reference: URL:http://www.securityfocus.com/bid/5211
Reference: XF:lilhttp-pbcgi-xss(9548)
Reference: URL:http://www.iss.net/security_center/static/9548.php

Cross-site scripting vulnerability in pbcgi.cgi for PowerBASIC, included with the Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "name" or (2) "email" parameters.

Analysis
----------------
ED_PRI CAN-2002-1009 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1010
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020703 [VULNWATCH] Lotus Domino R4 file retrieval vulnerability...
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html

Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request with an appended "?" character, which is treated as a wildcard and bypasses the web handler.

Analysis
----------------
ED_PRI CAN-2002-1010 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1011
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 Tivoli TMF Endpoint Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/282292
Reference: VULNWATCH:20020715 Tivoli TMF Endpoint Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0023.html
Reference: MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
Reference: XF:tivoli-tmr-endpoint-bo(9555)
Reference: URL:http://www.iss.net/security_center/static/9555.php
Reference: BID:5235
Reference: URL:http://www.securityfocus.com/bid/5235

Buffer overflow in the web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1011 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: The Endpoint problem is resolved in Fixpack 2 or 3.7.1-TMF-0066, but the ManagedNodes problem will not be resolved until 4.1, according to the Bugtraq reference. Therefore CD:SF-LOC/SF-EXEC suggests a split between these items, since the vulnerabilities appear in different versions.

Acknowledgement: The discloser provided a URL to a security advisory, but the advisory requires user registration (and possibly a maintenance contract) to access, so vendor acknowledgement could not be determined.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 Tivoli TMF ManagedNode Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/282283
Reference: VULNWATCH:20020715 Tivoli TMF ManagedNode Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0024.html
Reference: MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
Reference: BID:5233
Reference: URL:http://www.securityfocus.com/bid/5233
Reference: XF:tivoli-tmr-managednode-bo(9556)
Reference: URL:http://www.iss.net/security_center/static/9556.php

Buffer overflow in the web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1012 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: The Endpoint problem is resolved in Fixpack 2 or 3.7.1-TMF-0066, but the ManagedNodes problem will not be resolved until 4.1, according to the Bugtraq reference. Therefore CD:SF-LOC/SF-EXEC suggests a split between these items, since the vulnerabilities appear in different versions.

Acknowledgement: The discloser provided a URL to a security advisory, but the advisory requires user registration (and possibly a maintenance contract) to access, so vendor acknowledgement could not be determined.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020712 [VULNWATCH] Vulnerability Discovered: Adobe eBook Library (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
Reference: VULN-DEV:20020712 Vulnerability Discovered: Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2
Reference: BUGTRAQ:20020712 Vulnerability Discovered: Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2

The library functionality in Adobe Content Server 3.0 does not verify whether a client has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.

Analysis
----------------
ED_PRI CAN-2002-1018 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020712 [VULNWATCH] Vulnerability Discovered: Adobe eBook Library (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
Reference: VULN-DEV:20020712 Vulnerability Discovered: Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2
Reference: BUGTRAQ:20020712 Vulnerability Discovered: Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2

The library functionality in Adobe Content Server 3.0 allows remote attackers to view eBooks for arbitrary lengths of time by modifying the loanMin parameter in download.asp.

Analysis
----------------
ED_PRI CAN-2002-1019 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020712 [VULNWATCH] Vulnerability Discovered: Adobe eBook Library (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
Reference: VULN-DEV:20020712 Vulnerability Discovered: Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2
Reference: BUGTRAQ:20020712 Vulnerability Discovered: Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2

The library functionality in Adobe Content Server 3.0 allows remote attackers to view eBooks even when the maximum number of loans has been exceeded, by accessing the "Add to Bookbag" functionality when the server reports that no more copies are available.

Analysis
----------------
ED_PRI CAN-2002-1020 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Three BadBlue vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
Reference: BID:5226
Reference: URL:http://www.securityfocus.com/bid/5226
Reference: XF:badblue-null-file-disclosure(9557)
Reference: URL:http://www.iss.net/security_center/static/9557.php

BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request containing a hex-encoded null byte.

Analysis
----------------
ED_PRI CAN-2002-1021 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Three BadBlue vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
Reference: XF:badblue-plaintext-passwords(9558)
Reference: URL:http://www.iss.net/security_center/static/9558.php
Reference: BID:5228
Reference: URL:http://www.securityfocus.com/bid/5228

BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-1022 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Three BadBlue vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
Reference: XF:badblue-get-dos(9528)
Reference: URL:http://www.iss.net/security_center/static/9528.php
Reference: BID:5187
Reference: URL:http://www.securityfocus.com/bid/5187

BadBlue server allows remote attackers to cause a denial of service (crash) via the URI of an HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1023 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 KPMG-2002028: Sitespring Server Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/280079
Reference: VULNWATCH:20020701 [VULNWATCH] KPMG-2002028: Sitespring Server Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0140.html
Reference: XF:sitespring-sybase-dos(9458)
Reference: URL:http://www.iss.net/security_center/static/9458.php
Reference: BID:5132
Reference: URL:http://www.securityfocus.com/bid/5132

Macromedia Sitespring 1.2.0(277.1) using Sybase Runtime Engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1026 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020717 KPMG-2002032: Macromedia Sitespring Cross Site Scripting
Reference: URL:http://online.securityfocus.com/archive/1/282742
Reference: VULNWATCH:20020717 [VULNWATCH] KPMG-2002032: Macromedia Sitespring Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html
Reference: BID:5249
Reference: URL:http://www.securityfocus.com/bid/5249
Reference: XF:sitespring-500error-xss(9588)
Reference: URL:http://www.iss.net/security_center/static/9588.php

Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0(277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in the et parameter.

Analysis
----------------
ED_PRI CAN-2002-1027 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020716 Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html
Reference: MISC:http://www.oddsock.org/tools/gen_songrequester/Version%202.2%20:
Reference: BID:5248
Reference: URL:http://www.securityfocus.com/bid/5248
Reference: XF:oddsock-song-requester-dos(9585)
Reference: URL:http://www.iss.net/security_center/static/9585.php

Multiple buffer overflows in the CGI program for the Oddsock Song Requester WinAmp 2.1 plugin allow remote attackers to cause a denial of service (crash) via long parameters.

Analysis
----------------
ED_PRI CAN-2002-1028 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC, SF-EXEC

Acknowledgement: Vendor ack is not absolutely certain. The changelog for version 2.2 indicates that a buffer overflow was fixed, but it is not clear that it fixes *all* buffer overflows.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020704 Worldspan DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html
Reference: XF:worldspan-res-manager-dos(9490)
Reference: URL:http://www.iss.net/security_center/static/9490.php
Reference: BID:5169
Reference: URL:http://www.securityfocus.com/bid/5169

Res Manager for Worldspan Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.

Analysis
----------------
ED_PRI CAN-2002-1029 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Portcullis Security Advisory - Directory traversal vulnerability in SunPS iRunbook 2.5.2
Reference: URL:http://online.securityfocus.com/archive/1/281786
Reference: BID:5209
Reference: URL:http://www.securityfocus.com/bid/5209
Reference: XF:sun-irunbook-information-disclosure(9549)
Reference: URL:http://www.iss.net/security_center/static/9549.php

Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a ".
.:“序列(圆点变种)的论点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1033 3供应商确认:内容决定:SF-LOC抽象:虽然“. .”和“完整/ /路径”问题是密切相关的,他们是不同类型的问题,这表明一个分裂的CD: SF-LOC。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1034网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1034最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:BUGTRAQ: 20020711吊闸安全顾问——目录遍历脆弱性SunPS iRunbook 2.5.2参考:网址:http://online.securityfocus.com/archive/1/281786参考:报价:5209参考:网址:http://www.securityfocus.com/bid/5209参考:XF: sun-irunbook-information-disclosure(9549)参考:网址:http://www.iss.net/security_center/static/9549.php一个也没有。php为SunPS iRunbook 2.5.2允许远程攻击者读取任意文件通过一个绝对路径名的论点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1034 3供应商确认:内容决定:SF-LOC抽象:虽然“. .”和“完整/ /路径”问题是密切相关的,他们是不同类型的问题,这表明一个分裂的CD: SF-LOC。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1036网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1036最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:BUGTRAQ: 20020710 XSS漏洞流体动力学搜索引擎引用:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0096.html参考:BUGTRAQ: 20020710 RE: XSS漏洞流体动力学搜索引擎引用:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0094.html参考:确认:http://www.xav.com/scripts/search/changes.htm # 4参考:报价:5199参考:网址:http://www.securityfocus.com/bid/5199参考:XF: fd-search-xss(9533)参考:网址:http://www.iss.net/security_center/static/9533.php跨站点脚本漏洞在搜索。pl的流体动力学的搜索引擎(FDSE) 2.0.0.0055之前允许远程攻击者执行web脚本通过(1)排名或(2)匹配参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 
- 1036 3供应商确认:是的后续内容决定:SF-LOC精度:“匹配”参数是提到的供应商v2.0.0.0055更新日志。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1037网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1037最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:VULNWATCH: 20020714 (VULNWATCH)双乔科省拿铁多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html参考:BUGTRAQ: 20020714双乔科省拿铁多个漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2参考:确认:http://dcl.sourceforge.net/index.php参考:报价:5182参考:网址:http://www.securityfocus.com/bid/5182参考:XF: dcl-html-injection(9532)参考:网址:http://www.iss.net/security_center/static/9532.php跨站点脚本漏洞在双乔科省拿铁咖啡(DCL)在20020706之前允许远程攻击者将任意的HTML,包括脚本、进入网页通过(1)票#发现,(2)优先级、严重程度(3),(4)项目,(5)我们#发现,(6)和(7)部门用户功能。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1037 3供应商确认:是的更新日志内容决定:SF-LOC确认:供应商的变更,2002年7月6日状态:“转义的html数据显示从进入避免利用。”投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1038网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1038最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:VULNWATCH: 20020714 (VULNWATCH)双乔科省拿铁多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html参考:BUGTRAQ: 20020714双乔科省拿铁多个漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2参考:确认:http://dcl.sourceforge.net/index.php参考:XF: dcl-file-upload(9742)参考:网址:http://www.iss.net/security_center/static/9742.php双乔科省拿铁咖啡(DCL)前20020706不正确验证如果上传一个文件,它允许远程攻击者进行某些操作任意文件通过(1)项目:上传文件附件或(2)工作指令:导入功能。分析- - - - - - - - - 
- - - - - - - - ED_PRI - 2002 - 1038 3供应商确认:是的更新日志内容决定:SF-LOC确认:供应商的变更,2002年7月6日状态:“文件上传验证,以防止欺骗。”投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1040网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1040最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:AIXAPAR: IY29749参考:网址:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html未知的漏洞在WebSecure (DFSWeb)配置实用工具在AIX 4。x,可能相关的相对路径名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1040 3供应商确认:是的补丁内容决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1041网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1041最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:AIXAPAR: IY23359参考:网址:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html参考:AIXAPAR: IY29579参考:网址:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html未知的漏洞在DCE SMIT面板(1)和(2)配置命令,可能相关的相对路径名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1041 3供应商确认:是的补丁内容决定:SF-LOC,模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1042网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1042最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:BUGTRAQ: 20020709 
iPlanet远程文件查看参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html参考:报价:5191参考:网址:http://www.securityfocus.com/bid/5191参考:XF: iplanet-search-view-files(9517)参考:网址:http://www.iss.net/security_center/static/9517.php在搜索引擎目录遍历脆弱性iPlanet web服务器6.0 SP2和4.1 SP9和Netscape Enterprise server 3.6,当运行在Windows平台上,允许远程攻击者读取任意文件通过. .圆点反斜杠(\)序列NS-query-pat参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1042 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1043网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1043最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:BUGTRAQ: 20020711爆米花漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html参考:XF: popcorn-mail-dos(9547)参考:网址:http://www.iss.net/security_center/static/9547.php参考:报价:5212参考:网址:http://www.securityfocus.com/bid/5212Ultrafunk爆米花1.20允许远程攻击者造成拒绝服务(崩溃)通过一个畸形的主题(“\ \ t”)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1043 3供应商确认:没有不支持的内容决定:EX-CLIENT-DOS, SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1044网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1044最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:BUGTRAQ: 20020711爆米花漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html参考:XF: popcorn-mail-dos(9547)参考:网址:http://www.iss.net/security_center/static/9547.php参考:报价:5212参考:网址:http://www.securityfocus.com/bid/5212缓冲区溢出Ultrafunk爆米花1.20允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码通过一个长主题领域。分析- - - - - - - - - - - - - - - - - 
ED_PRI - 2002 - 1044 3供应商确认:没有不支持的内容决定:EX-CLIENT-DOS, SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1045网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1045最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:BUGTRAQ: 20020711爆米花漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html参考:XF: popcorn-mail-dos(9547)参考:网址:http://www.iss.net/security_center/static/9547.php参考:报价:5212参考:网址:http://www.securityfocus.com/bid/5212Ultrafunk爆米花1.20允许远程攻击者造成拒绝服务(崩溃)通过一个畸形的日期字段转换为大于2037年。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1045 3供应商确认:没有不支持的内容决定:EX-CLIENT-DOS, SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1046网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1046最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:VULNWATCH: 20020709 [VULNWATCH]毕马威- 2002030:沃奇卫士燃烧室动态VPN配置协议DoS参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html参考:报价:5186参考:网址:http://www.securityfocus.com/bid/5186参考:XF: firebox-dvcp-dos(9509)参考:网址:http://www.iss.net/security_center/static/9509.php动态VPN配置协议服务(DVCP)沃奇卫士燃烧室固件5. 
x。x允许远程攻击者造成拒绝服务(崩溃)通过一个畸形数据包包含制表符TCP端口4110。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1046 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1047网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1047最终决定:阶段性裁决:修改:建议:20020830分配:20020827类别:科幻参考:VULNWATCH: 20020701 [VULNWATCH]毕马威- 2002027:沃奇卫士Soho FTP参考验证缺陷:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0139.html参考:XF: firebox-soho-ftp-insecure(9511)参考:网址:http://www.iss.net/security_center/static/9511.php沃奇卫士Soho的FTP服务防火墙5.0.35a允许远程攻击者获得特权和正确的密码,但不正确的用户名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1047 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1052网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1052最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ:毕马威20020717 - 2002031:拼图网络服务器路径披露参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102691753204392&w=2参考:VULNWATCH: 20020717 [VULNWATCH]毕马威- 2002031:拼图网络服务器路径披露参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html参考:VULNWATCH: 20020717 [VULNWATCH]毕马威- 2002034:拼图网络服务器DOS设备DOS参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html毕马威参考:BUGTRAQ: 20020717 - 2002034:拼图网络服务器DOS设备DOS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102692936820193&w=2参考:报价:5258参考:网址:http://www.securityfocus.com/bid/5258参考:XF: jigsaw-dos-device-dos(9587)参考:网址:http://www.iss.net/security_center/static/9587.php参考:XF: 
jigsaw-aux-path-disclosure(9586)参考:网址:http://www.iss.net/security_center/static/9586.php参考:报价:5251参考:网址:http://www.securityfocus.com/bid/5251拼图2.2.1在Windows系统允许远程攻击者使用ms - dos设备名称在HTTP请求(1)引起拒绝服务使用“欺诈”设备,或(2)获得服务器的物理路径使用两个请求到“辅助”设备。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1052 3供应商确认:未知discloser-claimed内容决定:SF-LOC抽象:CD: SF-LOC表明结合问题的相同类型的影响相同的版本。同时访问的结果“骗”设备是不同的比“辅助”设备,都是相同的漏洞类型的实例——“不过滤MSDOS设备的名字。”Therefore these problems are combined. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1070 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1070最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020716 Wiki模块postnuke跨站脚本漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html参考:XF: phpwiki-xss(9627)参考:网址:http://www.iss.net/security_center/static/9627.php参考:报价:5254参考:网址:http://www.securityfocus.com/bid/5254跨站点脚本漏洞在PHPWiki Postnuke wiki模块允许远程攻击者执行脚本作为其他PHPWiki用户通过pagename参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1070 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1089网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1089最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:CF参考:BUGTRAQ: 20020717 (AP) Oracle服务器信息披露漏洞报告参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.htmlrwcgi60 CGI程序在Oracle报告服务器,通过设计,提供敏感信息如完整的路径名,这可能允许远程攻击者利用这些信息的额外攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1089 
3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page Last Updated or Reviewed: May 22, 2007