CVE-2002-0315 - OpenCVE

fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Grokster	Grokster
Music City Networks	Morpheus
Fasttrack	Kazaa

Configuration 1 [-]

OR	cpe:2.3:a:fasttrack:kazaa:1.2:::::::*
	cpe:2.3:a:fasttrack:kazaa:1.3:::::::*
	cpe:2.3:a:fasttrack:kazaa:1.3.3:::::::*
	cpe:2.3:a:fasttrack:kazaa:1.4:::::::*
	cpe:2.3:a:fasttrack:kazaa:1.5:::::::*
	cpe:2.3:a:grokster:grokster:1.3:::::::*
	cpe:2.3:a:grokster:grokster:1.3.3:::::::*
	cpe:2.3:a:music_city_networks:morpheus:1.3:::::::*
	cpe:2.3:a:music_city_networks:morpheus:1.3.3:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=101441689224760&w=2
http://www.iss.net/security_center/static/8272.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/4121	Exploit Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-05-03T04:00:00

Updated: 2016-10-17T13:57:01

Reserved: 2002-05-01T00:00:00

Link: CVE-2002-0315

JSON object: View

NVD Information

Status : Modified

Published: 2002-06-25T04:00:00.000

Modified: 2016-10-18T02:18:58.463

Link: CVE-2002-0315

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101441689224760&w=2"}, {"name": "fasttrack-message-service-spoof(8272)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8272.php"}, {"name": "4121", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4121"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0315", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101441689224760&w=2"}, {"name": "fasttrack-message-service-spoof(8272)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8272.php"}, {"name": "4121", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4121"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0315", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2016-10-17T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fasttrack:kazaa:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1822B5C-7CF1-471A-BCEB-45C0B7D4557F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasttrack:kazaa:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "952CFB2E-0EDC-42F7-AE61-FE24B788560E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasttrack:kazaa:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C1BF80EB-9419-4DFE-981C-16A13BA2514D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasttrack:kazaa:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "2167462C-1EE2-4135-A3C7-B406B2B4B1BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasttrack:kazaa:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB6683D8-EF86-46EF-86A8-3C6F9BAF63BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:grokster:grokster:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1A111C90-0690-4959-A5A1-90DD92A29B47", "vulnerable": true}, {"criteria": "cpe:2.3:a:grokster:grokster:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C612287-28B4-4076-9996-1612664A1197", "vulnerable": true}, {"criteria": "cpe:2.3:a:music_city_networks:morpheus:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "428A1F71-03EA-44CC-AE40-6FD6BA9BB842", "vulnerable": true}, {"criteria": "cpe:2.3:a:music_city_networks:morpheus:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3C458BE-897A-4C88-BAB6-86755B896B89", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header."}], "id": "CVE-2002-0315", "lastModified": "2016-10-18T02:18:58.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-06-25T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101441689224760&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8272.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4121"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}