Lucene search
MitreCVE-2002-2389HistoryOct 31, 2007 - 4:00 p.m.
CVE-2002-2389
2007-10-3116:00:00
CWE-255
mitre
web.nvd.nist.gov
29
theserver 1.74
web server
server.ini
access control
remote attackers
cleartext passwords
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.011
Percentile
84.7%
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
Affected configurations
Node
fastlink_softwarethe_serverMatch1.74
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fastlink_software | the_server | 1.74 | cpe:2.3:a:fastlink_software:the_server:1.74:*:*:*:*:*:*:* |
Related
openvas
openvas
TheServer clear text password
2005-11-03 00:00:00
TheServer clear text password
2005-11-03 00:00:00
cvelist
cvelist
CVE-2002-2389
2007-10-31 16:00:00
nvd
nvd
CVE-2002-2389
2002-12-31 05:00:00
nessus
nessus
TheServer server.ini Direct Request Plaintext Credentials Disclosure
2003-10-29 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.011
Percentile
84.7%
Related for CVE-2002-2389