Lucene search

[email protected]CVE-2002-0095

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0095

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0095

bscw

default configuration

self registration

unauthorised access

file upload

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

Affected configurations

NVD

Node

fraunhofer_fitbscwMatch3.4

fraunhofer_fitbscwMatch4.0

fraunhofer_fitbscwMatch4.0.6

CPENameOperatorVersion
fraunhofer_fit:bscwfraunhofer fit bscweq3.4
fraunhofer_fit:bscwfraunhofer fit bscweq4.0
fraunhofer_fit:bscwfraunhofer fit bscweq4.0.6

CPE	Name	Operator	Version
fraunhofer_fit:bscw	fraunhofer fit bscw	eq	3.4
fraunhofer_fit:bscw	fraunhofer fit bscw	eq	4.0
fraunhofer_fit:bscw	fraunhofer fit bscw	eq	4.0.6

References

www.iss.net/security_center/static/7775.php

www.securityfocus.com/archive/1/248000

www.securityfocus.com/bid/3777

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2002-0095

cvelist1 nvd1