Lucene search

[email protected]CVE-2002-0108

HistoryMar 25, 2002 - 5:00 a.m.

CVE-2002-0108

2002-03-2505:00:00

[email protected]

web.nvd.nist.gov

allaire forums

remote access

user spoofing

cve-2002-0108

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.7%

JSON

Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.

Affected configurations

NVD

Node

allaireforumsMatch2.0.4

allaireforumsMatch2.0.5

allaireforumsMatch3.0

allaireforumsMatch3.1

CPENameOperatorVersion
allaire:forumsallaire forumseq2.0.4
allaire:forumsallaire forumseq2.0.5
allaire:forumsallaire forumseq3.0
allaire:forumsallaire forumseq3.1

CPE	Name	Operator	Version
allaire:forums	allaire forums	eq	2.0.4
allaire:forums	allaire forums	eq	2.0.5
allaire:forums	allaire forums	eq	3.0
allaire:forums	allaire forums	eq	3.1

References

online.securityfocus.com/archive/1/249026

www.iss.net/security_center/static/7841.php

www.kb.cert.org/vuls/id/575619

www.securityfocus.com/bid/3827

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.7%

JSON

Related for CVE-2002-0108

cert1 cvelist1 nvd1