CVE-2002-1154 - Vulnerability Details - OpenCVE

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00672.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Powertools
Stephen Turner	Analog

Configuration 1 [-]

cpe:2.3:a:stephen_turner:analog:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Powertools 7.1
	cpe:/a:redhat:powertools:7.1	RHSA-2002:059	2002-10-10T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2002-1141	anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.analog.cx/security5.html
http://www.iss.net/security_center/static/10344.php
http://www.osvdb.org/3779
http://www.redhat.com/support/errata/RHSA-2002-059.html
https://nvd.nist.gov/vuln/detail/CVE-2002-1154
https://www.cve.org/CVERecord?id=CVE-2002-1154

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T03:12:17.352Z

Reserved: 2002-09-25T00:00:00

Link: CVE-2002-1154

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-10-11T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-1154

Redhat

Severity :

Publid Date: 2002-05-14T00:00:00Z

Links: CVE-2002-1154 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-08-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.analog.cx/security5.html"}, {"name": "RHSA-2002:059", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"}, {"name": "analog-anlgform-dos(10344)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10344.php"}, {"name": "3779", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/3779"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.analog.cx/security5.html", "refsource": "CONFIRM", "url": "http://www.analog.cx/security5.html"}, {"name": "RHSA-2002:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"}, {"name": "analog-anlgform-dos(10344)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10344.php"}, {"name": "3779", "refsource": "OSVDB", "url": "http://www.osvdb.org/3779"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:12:17.352Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.analog.cx/security5.html"}, {"name": "RHSA-2002:059", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"}, {"name": "analog-anlgform-dos(10344)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/10344.php"}, {"name": "3779", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/3779"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1154", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-25T00:00:00", "dateUpdated": "2024-08-08T03:12:17.352Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stephen_turner:analog:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3CAC4D9-72CC-4D2A-9CC8-6276453F3792", "versionEndIncluding": "5.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log."}, {"lang": "es", "value": "anlgform.pl en Analog anteriores a 5.23 no restringe el acceso al comando de actualizaci\u00f3n de progreso PROGRESSFREQ, lo que permite a atacantes remotos causar una denegaci\u00f3n de servico (consumici\u00f3n de disco) usando el comando para generar informes con m\u00e1s frecuencia y llenar el registro de errores del servidor web."}], "id": "CVE-2002-1154", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-10-11T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.analog.cx/security5.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/10344.php"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/3779"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.analog.cx/security5.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/10344.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/3779"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}