CVE-2002-0133 - OpenCVE

Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avirt	Avirt Gateway Avirt Gateway Suite Avirt Soho

Configuration 1 [-]

OR	cpe:2.3:a:avirt:avirt_gateway:4.2:::::::*
	cpe:2.3:a:avirt:avirt_gateway_suite:4.2:::::::*
	cpe:2.3:a:avirt:avirt_soho:4.2:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=101164598828092&w=2
http://marc.info/?l=bugtraq&m=101366658112809&w=2
http://marc.info/?l=bugtraq&m=101424723728817&w=2
http://online.securityfocus.com/archive/1/251055
http://www.iss.net/security_center/static/7916.php
http://www.iss.net/security_center/static/7918.php
http://www.securityfocus.com/bid/3904
http://www.securityfocus.com/bid/3905

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-15T05:00:00

Updated: 2024-08-08T02:42:27.529Z

Reserved: 2002-03-15T00:00:00

Link: CVE-2002-0133

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-03-25T05:00:00.000

Modified: 2016-10-18T02:16:26.127

Link: CVE-2002-0133

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "avirt-telnet-proxy-bo(7918)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7918.php"}, {"name": "20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101366658112809&w=2"}, {"name": "20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101164598828092&w=2"}, {"name": "20020117 Avirt Proxy Buffer Overflow Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/251055"}, {"name": "avirt-http-proxy-bo(7916)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7916.php"}, {"name": "3905", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3905"}, {"name": "3904", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3904"}, {"name": "20020220 Avirt 4.2 question", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101424723728817&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "avirt-telnet-proxy-bo(7918)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7918.php"}, {"name": "20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101366658112809&w=2"}, {"name": "20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101164598828092&w=2"}, {"name": "20020117 Avirt Proxy Buffer Overflow Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/251055"}, {"name": "avirt-http-proxy-bo(7916)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7916.php"}, {"name": "3905", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3905"}, {"name": "3904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3904"}, {"name": "20020220 Avirt 4.2 question", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101424723728817&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:42:27.529Z"}, "title": "CVE Program Container", "references": [{"name": "avirt-telnet-proxy-bo(7918)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7918.php"}, {"name": "20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101366658112809&w=2"}, {"name": "20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101164598828092&w=2"}, {"name": "20020117 Avirt Proxy Buffer Overflow Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/251055"}, {"name": "avirt-http-proxy-bo(7916)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7916.php"}, {"name": "3905", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3905"}, {"name": "3904", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3904"}, {"name": "20020220 Avirt 4.2 question", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101424723728817&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0133", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T02:42:27.529Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avirt:avirt_gateway:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "366D7DA0-C73C-4ABC-931D-ED24082EC751", "vulnerable": true}, {"criteria": "cpe:2.3:a:avirt:avirt_gateway_suite:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E44ECB72-BA5B-4BB4-86C7-2FF9F285229B", "vulnerable": true}, {"criteria": "cpe:2.3:a:avirt:avirt_soho:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "C44DE6DB-B95F-4F74-8217-30E3B5D21D2A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy."}, {"lang": "es", "value": "El desbordamiento del buffer en Avirt Gateway Suite 4.2 permite a atacantes remotos causar fallos de denegaci\u00f3n de servicio y la posible ejecuci\u00f3n de c\u00f3digo arbitrario por dos v\u00edas:1: un campo de cabecera largo al proxy HTTP.2: una cadena de caracteres larga al proxy telnet."}], "id": "CVE-2002-0133", "lastModified": "2016-10-18T02:16:26.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-25T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101164598828092&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101366658112809&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101424723728817&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/251055"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7916.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7918.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3904"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3905"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}