
[PROPOSAL] Cluster RECENT-104 - 37 candidates



I am proposing cluster RECENT-104 for review and voting by the
Editorial Board.

Name: RECENT-104
Description: CANs announced between 2002/08/16 and 2002/08/29
Size: 37

You may vote on the candidates by modifying this email and sending it
back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0647
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0647
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Buffer overflow in a legacy ActiveX control used to display specially
formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0
allows remote attackers to execute arbitrary code, aka "Buffer Overrun
in Legacy Text Formatting ActiveX Control".

Analysis
----------------
ED_PRI CAN-2002-0647 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0648
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011639524314&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

The legacy <script> data-island capability for XML in Microsoft
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read
arbitrary XML files, and portions of other files, via a URL whose
"src" attribute redirects to a local file.

Analysis
----------------
ED_PRI CAN-2002-0648 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0691
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0691
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to
execute scripts in the Local Computer zone via a URL that references a
local HTML resource file, a variant of "Cross-Site Scripting in Local
HTML Resource" as identified by CAN-2002-0189.

Analysis
----------------
ED_PRI CAN-2002-0691 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0722
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103054692223380&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers
to misrepresent the source of a file in the File Download dialogue box
to trick users into thinking that the file type is safe to download,
aka "File Origin Spoofing."

Analysis
----------------
ED_PRI CAN-2002-0722 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0723
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the
domain of a frame within a browser window, which allows remote
attackers to read client files or invoke executable objects via the
Object tag, aka "Cross Domain Verification in Object Tag."

Analysis
----------------
ED_PRI CAN-2002-0723 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0724
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020822 CORE-20020618: Vulnerabilities in Windows SMB (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011556323184&w=2
Reference: MS:MS02-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-045.asp
Reference: CERT-VN:VU#311619
Reference: URL:http://www.kb.cert.org/vuls/id/311619
Reference: CERT-VN:VU#342243
Reference: URL:http://www.kb.cert.org/vuls/id/342243
Reference: CERT-VN:VU#250635
Reference: URL:http://www.kb.cert.org/vuls/id/250635

Buffer overflow in the SMB (Server Message Block) protocol in Microsoft
Windows NT, Windows 2000, and Windows XP allows attackers to cause a
denial of service (crash) via a SMB_COM_TRANSACTION packet with a
request for (1) NetShareEnum, (2) NetServerEnum2, or (3)
NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can
Lead to Denial of Service".

Analysis
----------------
ED_PRI CAN-2002-0724 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0726
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: ATSTAKE:A082802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt
Reference: MS:MS02-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-046.asp

Buffer overflow in the Microsoft Terminal Services Advanced Client
(TSAC) ActiveX control allows remote attackers to execute arbitrary
code via a long server name field.

Analysis
----------------
ED_PRI CAN-2002-0726 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0727
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829645415486&w=2
Reference: XF:owc-spreadsheet-host-script-execution(8777)
Reference: URL:http://www.iss.net/security_center/static/8777.php
Reference: BID:4449
Reference: URL:http://online.securityfocus.com/bid/4449

The Host function in Microsoft Office Web Components (OWC) 2000 and
2002 is exposed in components that are marked as safe for scripting,
which allows remote attackers to execute arbitrary commands via the
setTimeout method.

Analysis
----------------
ED_PRI CAN-2002-0727 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829911018463&w=2
Reference: XF:owc-spreadsheet-loadtext-read-files(8778)
Reference: URL:http://www.iss.net/security_center/static/8778.php
Reference: BID:4453
Reference: URL:http://online.securityfocus.com/bid/4453

The LoadText method in the spreadsheet component in Microsoft Office
Web Components (OWC) 2000 and 2002 allows remote attackers to read
arbitrary files through Internet Explorer via a URL that redirects to
the target file.

Analysis
----------------
ED_PRI CAN-2002-0860 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Controlling the clipboard with OWC in IE (GM#007-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829726516346&w=2
Reference: XF:owc-spreadsheet-clipboard-access(8779)
Reference: URL:http://www.iss.net/security_center/static/8779.php
Reference: BID:4457
Reference: URL:http://online.securityfocus.com/bid/4457

Microsoft Office Web Components (OWC) 2000 and 2002 allows remote
attackers to bypass the "Allow paste operations via script" setting,
even when it is disabled, via (1) the Copy method of the Cell object
or (2) the Paste method of the Range object.

Analysis
----------------
ED_PRI CAN-2002-0861 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0875
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-154
Reference: URL:http://www.debian.org/security/2002/dsa-154

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows
unprivileged users to obtain the names of files whose access is
restricted to the root group.

Analysis
----------------
ED_PRI CAN-2002-0875 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0973
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:38.signed-error
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102976839728706&w=2

Integer signedness error in several system calls for FreeBSD 4.6.1
RELEASE-p10 and earlier may allow attackers to access sensitive kernel
memory via large negative values to the (1) accept, (2) getsockname,
and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE
ioctl.

Analysis
----------------
ED_PRI CAN-2002-0973 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0981
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020822
Category: SF
Reference: CALDERA:CSSA-2002-SCO.36
Reference: URL:ftp://ftp.caldera.com/pub/updates/openunix/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt

Buffer overflow in the ndcfg command for UnixWare 7.1.1 and Open UNIX
8.0.0 allows local users to execute arbitrary code via a long command
line.

Analysis
----------------
ED_PRI CAN-2002-0981 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0984
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: DEBIAN:DSA-156
Reference: URL:http://www.debian.org/security/2002/dsa-156

The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x
before 2.8pre10, running EPIC allows remote attackers to execute
arbitrary code if the user joins a channel whose topic includes EPIC4
code.

Analysis
----------------
ED_PRI CAN-2002-0984 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0987
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/openunix/CSSA-2002-SCO.38

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop
privileges before calling programs such as xkbcomp using popen, which
could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0987 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0988
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/openunix/CSSA-2002-SCO.38

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare
7.1.1, possibly related to XBM/xkbcomp capabilities.

Analysis
----------------
ED_PRI CAN-2002-0988 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0989
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: DEBIAN:DSA-158
Reference: URL:http://www.debian.org/security/2002/dsa-158
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
Reference: BUGTRAQ:20020827 GLSA: gaim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046442403404&w=2

The URL handler in the manual browser option for Gaim before 0.59.1
allows remote attackers to execute arbitrary script via shell
metacharacters in a link.

Analysis
----------------
ED_PRI CAN-2002-0989 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html
Reference: CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
Reference: BID:5506
Reference: URL:http://www.securityfocus.com/bid/5506
Reference: XF:jigsaw-http-proxy-xss(9914)
Reference: URL:http://www.iss.net/security_center/static/9914.php

Cross-site scripting vulnerability in W3C Jigsaw Proxy Server 2.2.1
allows remote attackers to execute arbitrary script via a URL that
contains a reference to a nonexistent host followed by the script,
which is included in the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1053 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor's changelog for 2.2.1 says "Added a flag
to remove URI from default error pages as well as the proxy module
(security fix: avoid cross scripting attacks)."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: XF:abyss-get-directory-traversal(9941)
Reference: URL:http://www.iss.net/security_center/static/9941.php
Reference: XF:abyss-http-directory-traversal(9940)
Reference: URL:http://www.iss.net/security_center/static/9940.php

Directory traversal vulnerability in Abyss Web Server 1.0.3 allows
remote attackers to read arbitrary files via ..\ (dot-dot backslash)
sequences in an HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1079 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor includes a statement dated August 19, 2002,
for a 1.03 patch regarding "Two bugs related to URL decoding (thanks
to Auriemma Luigi)," the original discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: XF:abyss-plus-file-disclosure(9956)
Reference: URL:http://www.iss.net/security_center/static/9956.php

The Administration console for Abyss Web Server 1.0.3 allows remote
attackers to read files without providing login credentials via an
HTTP request to a target file that ends in a "+" character.

Analysis
----------------
ED_PRI CAN-2002-1081 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor includes a statement dated August 19, 2002,
for a 1.03 patch regarding "Two bugs related to URL decoding (thanks
to Auriemma Luigi)," the original discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0725
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0725
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: ATSTAKE:A081602-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a081602-1.txt

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local
attackers to hide file usage activities via a hard link to the target
file, which causes the link to be recorded in the audit trail instead
of the target file.

Analysis
----------------
ED_PRI CAN-2002-0725 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0654
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0654
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102951160411052&w=2
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote
attackers to determine the full pathname of the server via (1) a
request for a .var file, which leaks the pathname in the resulting
error message, or (2) via an error message that occurs when a script
(child process) cannot be invoked.

Analysis
----------------
ED_PRI CAN-2002-0654 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0699
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0699
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-048.asp

Unknown vulnerability in the Certificate Enrollment ActiveX Control in
Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium,
Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers
to delete digital certificates on a user's system via HTML.

Analysis
----------------
ED_PRI CAN-2002-0699 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0834
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020808
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00006.html
Reference: REDHAT:RHSA-2002:169

Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier
allows remote attackers to cause a denial of service or execute
arbitrary code via malformed packets.

Analysis
----------------
ED_PRI CAN-2002-0834 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020821 Win32 API "shatter" vulnerability found in VNC-based products
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102994289123085&w=2

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to
execute arbitrary code as LocalSystem by using the Win32 Messaging
System to bypass the VNC GUI and access the "Add new clients" dialogue
box.

Analysis
----------------
ED_PRI CAN-2002-0971 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102987608300785&w=2

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial
of service and possibly execute arbitrary code via long arguments to
the functions (1) lpad or (2) rpad.

Analysis
----------------
ED_PRI CAN-2002-0972 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0975
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020816 Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102953851705859&w=2

Buffer overflow in Microsoft DirectX Files Viewer ActiveX control
(xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute
arbitrary code via a long File parameter.

Analysis
----------------
ED_PRI CAN-2002-0975 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0976
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Internet explorer can read local files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102960731805373&w=2

Internet Explorer 4.0 and later allows remote attackers to read
arbitrary files via a web page that accesses a legacy XML Datasource
applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to
point to the local system, which is trusted by the applet.

Analysis
----------------
ED_PRI CAN-2002-0976 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0977
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) (buffer overflow, arbitrary file upload/download)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html

Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX
control before 4.0 allows remote attackers to execute arbitrary code
via a long TS value.

Analysis
----------------
ED_PRI CAN-2002-0977 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0978
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) (buffer overflow, arbitrary file upload/download)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html

Microsoft File Transfer Manager (FTM) ActiveX control before 4.0
allows remote attackers to upload or download arbitrary files to
arbitrary locations via a man-in-the-middle attack with modified TGT
and TGN parameters in a call to the "Persist" function.

Analysis
----------------
ED_PRI CAN-2002-0978 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Enabling java logging in MSIE is dangerous
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102961031107261&w=2

The Java logging feature for the Java Virtual Machine in Internet
Explorer writes output from functions such as System.out.println to a
known pathname, which can be used to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0979 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0982
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020822
Category: SF
Reference: BUGTRAQ:20020822 Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103004505027360&w=2

Microsoft SQL Server 2000 SP2, when configured as a distributor,
allows attackers to execute arbitrary code via the @scriptfile
parameter to the sp_MScopyscript stored procedure.

Analysis
----------------
ED_PRI CAN-2002-0982 3
Vendor Acknowledgement: unknown vague

ACCURACY: the discloser suggests that MS:MS02-043 may fix this issue,
but it does not specifically mention this issue, so there is not
enough information to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0983
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: DEBIAN:DSA-157
Reference: URL:http://www.debian.org/security/2002/dsa-157
Reference: BID:5055
Reference: URL:http://www.securityfocus.com/bid/5055

IRC client irssi in irssi-text 0.8.4 allows remote attackers to cause
a denial of service (crash) via an IRC channel that has a long topic
followed by a certain string, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0983 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

The mail function in PHP 4.x to 4.2.2 may allow remote attackers to
bypass safe mode restrictions and modify command line arguments to the
MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA
behavior and possibly executing commands.

Analysis
----------------
ED_PRI CAN-2002-0985 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Analysis
----------------
ED_PRI CAN-2002-0986 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Re: Possible exploit: D-Link DI-804 unauthorized DHCP release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103004834131542&w=2
Reference: BUGTRAQ:20020822 Possible exploit: D-Link DI-804 unauthorized DHCP release from WAN
Reference: URL:http://online.securityfocus.com/archive/1/288584
Reference: XF:dlink-admin-dhcp-release(9967)
Reference: URL:http://www.iss.net/security_center/static/9967.php
Reference: XF:dlink-admin-device-information(9969)
Reference: URL:http://www.iss.net/security_center/static/9969.php
Reference: BID:5544
Reference: URL:http://www.securityfocus.com/bid/5544
Reference: BID:5553
Reference: URL:http://www.securityfocus.com/bid/5553

The remote administration capability for the D-Link DI-804 router 4.68
allows remote attackers to bypass authentication and release DHCP
addresses or obtain sensitive information via a direct web request to
the pages (1) release.htm, (2) Device Status, or (3) Device
Information.

Analysis
----------------
ED_PRI CAN-2002-1069 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: XF:abyss-admin-console-access(9957)
Reference: URL:http://www.iss.net/security_center/static/9957.php
Reference: BID:5548
Reference: URL:http://www.securityfocus.com/bid/5548

The Administration console for Abyss Web Server 1.0.3 before Patch 2
allows remote attackers to gain privileges and modify server
configuration via direct requests to CHL files such as (1)
srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl,
and (5) advanced.chl.

Analysis
----------------
ED_PRI CAN-2002-1080 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007