CVE-2002-0513 - Vulnerability Details - OpenCVE

The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symatec	Popper Mod

Configuration 1 [-]

OR	cpe:2.3:a:symatec:popper_mod:1.0:::::::*
	cpe:2.3:a:symatec:popper_mod:1.2:::::::*
	cpe:2.3:a:symatec:popper_mod:1.2.1:::::::*

No data.

References

Link	Providers
http://online.securityfocus.com/archive/1/265438
http://www.iss.net/security_center/static/8746.php
http://www.securityfocus.com/bid/4412
http://www.symatec-computer.com/forums/viewtopic.php?t=14

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2024-08-08T02:49:28.991Z

Reserved: 2002-06-07T00:00:00

Link: CVE-2002-0513

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-08-12T04:00:00.000

Modified: 2024-11-20T23:39:16.077

Link: CVE-2002-0513

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4412", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4412"}, {"name": "20020330 popper_mod 1.2.1 and previous accounts compromise", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"name": "symatec-popper-admin-access(8746)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0513", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4412"}, {"name": "20020330 popper_mod 1.2.1 and previous accounts compromise", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/265438"}, {"name": "symatec-popper-admin-access(8746)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8746.php"}, {"name": "http://www.symatec-computer.com/forums/viewtopic.php?t=14", "refsource": "CONFIRM", "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:49:28.991Z"}, "title": "CVE Program Container", "references": [{"name": "4412", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4412"}, {"name": "20020330 popper_mod 1.2.1 and previous accounts compromise", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"name": "symatec-popper-admin-access(8746)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0513", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T02:49:28.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symatec:popper_mod:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8516A639-CBD1-4AAF-868B-5377A9BE9FF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:symatec:popper_mod:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "188C56B1-4838-4D90-A307-32779C5FC220", "vulnerable": true}, {"criteria": "cpe:2.3:a:symatec:popper_mod:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "105621FF-74A7-428E-9C56-95DF99B3282F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator."}, {"lang": "es", "value": "El gui\u00f3n (script) de administraci\u00f3n PHP en popper_mod 1.2.1 y anteriores se basa en autenticaci\u00f3n de Apache con .htaccess, lo que permite a atacantes remotos ganar privilegios si el gui\u00f3n no es configurado adecuadamente por el administrador."}], "id": "CVE-2002-0513", "lastModified": "2024-11-20T23:39:16.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4412"}, {"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/265438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8746.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://www.symatec-computer.com/forums/viewtopic.php?t=14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}