CVE-2002-0513 - Vulnerability Details - OpenCVE

The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:symatec:popper_mod:1.0:::::::*
	cpe:2.3:a:symatec:popper_mod:1.2:::::::*
	cpe:2.3:a:symatec:popper_mod:1.2.1:::::::*

No data.

No data.

Subscriptions

Vendors	Products
Symatec Subscribe	Popper Mod Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2002-0509	The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://online.securityfocus.com/archive/1/265438
http://www.iss.net/security_center/static/8746.php
http://www.securityfocus.com/bid/4412
http://www.symatec-computer.com/forums/viewtopic.php?t=14

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00.000Z

Updated: 2024-08-08T02:49:28.991Z

Reserved: 2002-06-07T00:00:00.000Z

Link: CVE-2002-0513

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-08-12T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-0513

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-03-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-15T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4412", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4412"}, {"name": "20020330 popper_mod 1.2.1 and previous accounts compromise", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"name": "symatec-popper-admin-access(8746)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0513", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4412"}, {"name": "20020330 popper_mod 1.2.1 and previous accounts compromise", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/265438"}, {"name": "symatec-popper-admin-access(8746)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8746.php"}, {"name": "http://www.symatec-computer.com/forums/viewtopic.php?t=14", "refsource": "CONFIRM", "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:49:28.991Z"}, "title": "CVE Program Container", "references": [{"name": "4412", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4412"}, {"name": "20020330 popper_mod 1.2.1 and previous accounts compromise", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"name": "symatec-popper-admin-access(8746)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0513", "datePublished": "2003-04-02T05:00:00.000Z", "dateReserved": "2002-06-07T00:00:00.000Z", "dateUpdated": "2024-08-08T02:49:28.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symatec:popper_mod:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8516A639-CBD1-4AAF-868B-5377A9BE9FF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:symatec:popper_mod:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "188C56B1-4838-4D90-A307-32779C5FC220", "vulnerable": true}, {"criteria": "cpe:2.3:a:symatec:popper_mod:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "105621FF-74A7-428E-9C56-95DF99B3282F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}, {"lang": "es", "value": "El gui\u00f3n (script) de administraci\u00f3n PHP en popper_mod 1.2.1 y anteriores se basa en autenticaci\u00f3n de Apache con .htaccess, lo que permite a atacantes remotos ganar privilegios si el gui\u00f3n no es configurado adecuadamente por el administrador."}], "id": "CVE-2002-0513", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4412"}, {"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}