Lucene search

MitreCVE-2003-1363

HistoryOct 17, 2007 - 1:00 a.m.

CVE-2003-1363

2007-10-1701:00:00

mitre

web.nvd.nist.gov

abyss web server

aprelium technologies

cve-2003-1363

brute-force attack

web management interface

remote attack

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.006

Percentile

77.8%

JSON

The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.

Affected configurations

Nvd

Node

aprelium_technologiesabyss_web_serverRange≤1.1.2

VendorProductVersionCPE
aprelium_technologiesabyss_web_server*cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aprelium_technologies	abyss_web_server	*	cpe:2.3:a:aprelium_technologies:abyss_web_server::::::::

References

archives.neohapsis.com/archives/bugtraq/2003-02/0149.html

www.iss.net/security_center/static/11310.php

www.securityfocus.com/bid/6842

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.006

Percentile

77.8%

JSON

Related for CVE-2003-1363