Lucene search

[email protected]NVD:CVE-2002-2335

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2335

2002-12-3105:00:00

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.008

Percentile

82.3%

JSON

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.

Affected configurations

Nvd

Node

john_drakekiller_protectionMatch1.0

VendorProductVersionCPE
john_drakekiller_protection1.0cpe:2.3:a:john_drake:killer_protection:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
john_drake	killer_protection	1.0	cpe:2.3:a:john_drake:killer_protection:1.0:::::::*

References

online.securityfocus.com/archive/1/294208

www.iss.net/security_center/static/10315.php

www.securityfocus.com/bid/5905

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.008

Percentile

82.3%

JSON

Related for NVD:CVE-2002-2335

cvelist1 exploitdb1 cve1