CVE-2002-2335 - OpenCVE

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
John Drake	Killer Protection

Configuration 1 [-]

cpe:2.3:a:john_drake:killer_protection:1.0:*:*:*:*:*:*:*

References

Link	Resource
http://online.securityfocus.com/archive/1/294208
http://www.iss.net/security_center/static/10315.php
http://www.securityfocus.com/bid/5905

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:50

Updated: 2022-10-03T16:23:50

Reserved: 2022-10-03T00:00:00

Link: CVE-2002-2335

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-12-31T05:00:00.000

Modified: 2008-09-05T20:32:57.413

Link: CVE-2002-2335

JSON object: View

Redhat Information

No data.

CWE

CWE-16

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:23:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "killer-protection-vars-password(10315)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10315.php"}, {"name": "5905", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5905"}, {"name": "20021006 phpSecurePages & Killer Protection ( PHP )", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/294208"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "killer-protection-vars-password(10315)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10315.php"}, {"name": "5905", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5905"}, {"name": "20021006 phpSecurePages & Killer Protection ( PHP )", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/294208"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2335", "datePublished": "2022-10-03T16:23:50", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:23:50", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}