CVE-2002-0107 - OpenCVE

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cacheflow	Cacheos

Configuration 1 [-]

OR	cpe:2.3:a:cacheflow:cacheos:0.0:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.02:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.03:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.04:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.05:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.06:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.07:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.08:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.09:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.10:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.11:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.12:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.13:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.14:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.15:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.16:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.17:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.18:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.19:::::::*
	cpe:2.3:a:cacheflow:cacheos:3.1.20:::::::*
	cpe:2.3:a:cacheflow:cacheos:4.0.11:::::::*
	cpe:2.3:a:cacheflow:cacheos:4.0.12:::::::*
	cpe:2.3:a:cacheflow:cacheos:4.0.13:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=101052887431488&w=2
http://online.securityfocus.com/archive/1/254167	Exploit Patch Vendor Advisory
http://www.iss.net/security_center/static/7835.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/3841	Exploit Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2002-03-22T10:00:00

Reserved: 2002-03-15T00:00:00

Link: CVE-2002-0107

JSON object: View

NVD Information

Status : Modified

Published: 2002-03-25T05:00:00.000

Modified: 2016-10-18T02:16:14.750

Link: CVE-2002-0107

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-01-08T00:00:00", "descriptions": [{"lang": "en", "value": "Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3841", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3841"}, {"name": "20020108 svindel.net security advisory - web admin vulnerability in CacheOS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101052887431488&w=2"}, {"name": "20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/254167"}, {"name": "cachos-insecure-web-interface(7835)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7835.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3841", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3841"}, {"name": "20020108 svindel.net security advisory - web admin vulnerability in CacheOS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101052887431488&w=2"}, {"name": "20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/254167"}, {"name": "cachos-insecure-web-interface(7835)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7835.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0107", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2002-03-22T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cacheflow:cacheos:0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A43360C0-F97C-4856-B2F0-2054E1283E96", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "9508AE48-ACB1-4262-9225-BE82655E433E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.03:*:*:*:*:*:*:*", "matchCriteriaId": "AF51C047-A39B-4598-8AB6-A5BCD6544C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.04:*:*:*:*:*:*:*", "matchCriteriaId": "B53C88D9-9F78-4F2B-87AD-700BD7B5167D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.05:*:*:*:*:*:*:*", "matchCriteriaId": "2B3DC615-974E-41F1-910F-8574A21B4C17", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.06:*:*:*:*:*:*:*", "matchCriteriaId": "1F9CF9F8-CD3C-45BC-8669-FA44C1FA1D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.07:*:*:*:*:*:*:*", "matchCriteriaId": "4203A30C-9153-4C89-9604-D7E74861D2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.08:*:*:*:*:*:*:*", "matchCriteriaId": "1A284B71-00B5-4539-A176-4E231F81BCC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.09:*:*:*:*:*:*:*", "matchCriteriaId": "4E4A3FCB-4222-448D-8A89-6A69E757593A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "1EB89566-E571-43D4-982B-B860C448F4CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "DD20C05A-7040-4305-808A-E9A0AA1D7E98", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "8E789A31-05A5-48BD-9B80-192B41D7AAF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "9CFC926C-4463-41BD-A819-4AF19548E982", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "539BC4BB-5D6B-444B-B74F-14794F401680", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0DFE513C-0EB2-453B-B169-F0B05302372A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "E78563D4-5177-442C-B181-DD84E4D0E991", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "D1F6FB3F-23D2-4284-BB6E-E6FED09929F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "6FFAB96C-91F8-4244-A41D-1B9FC1015063", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3580F58-C6B7-4A52-888D-45C3FB10CA80", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:3.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "3884B739-CD22-4D24-8CB4-20D26219C379", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F6E1982C-61B6-4BCF-9406-80713CDD021B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "CB5378EB-42E0-4EEF-A658-DD20F21D545E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cacheflow:cacheos:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "34E3DB9D-309D-4D03-AD5A-5B74CBB4E24C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message."}, {"lang": "es", "value": "El interfaz web de adminsitraci\u00f3n en CacheFlow CacheOS 4.0.13 y anteriores permite a atacantes remotos obtener informaci\u00f3n sensible mediante una serie de peticiones GET que no terminan con con 'HTTP/1.0' u otra cadena de versi\u00f3n, lo que produce fugas de informaci\u00f3n en el mensaje de error."}], "id": "CVE-2002-0107", "lastModified": "2016-10-18T02:16:14.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-25T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101052887431488&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/254167"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7835.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3841"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}