var-200303-0027
Vulnerability from variot
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present. The "Simple, Secure Webserver" is a HTTP proxy included with Raptor Firewall, Symantec Enterprise Firewall, VelociRaptor and Symantec Gateway Security. An information disclosure vulnerability has been reported in this component. According to the report, it is possible for external hosts to identify responsive hosts on the network connected to the internal interface. Responsive and unresponsive hosts can be distinguished based on the response to a CONNECT request for a guessed internal IP address. This vulnerability can generate different error messages when the host is online
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0027",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "6.5.2"
},
{
"model": "raptor firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "6.5"
},
{
"model": "raptor firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "6.5.3"
},
{
"model": "raptor firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.3"
},
{
"model": "raptor firewall windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5"
},
{
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.2"
}
],
"sources": [
{
"db": "BID",
"id": "5959"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by AI-SEC Security.",
"sources": [
{
"db": "BID",
"id": "5959"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
}
],
"trust": 0.9
},
"cve": "CVE-2002-1535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1535",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5920",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1535",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-098",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5920",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5920"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present. The \"Simple, Secure Webserver\" is a HTTP proxy included with Raptor Firewall, Symantec Enterprise Firewall, VelociRaptor and Symantec Gateway Security. An information disclosure vulnerability has been reported in this component. According to the report, it is possible for external hosts to identify responsive hosts on the network connected to the internal interface. Responsive and unresponsive hosts can be distinguished based on the response to a CONNECT request for a guessed internal IP address. This vulnerability can generate different error messages when the host is online",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1535"
},
{
"db": "BID",
"id": "5959"
},
{
"db": "VULHUB",
"id": "VHN-5920"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5959",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1535",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098",
"trust": 0.7
},
{
"db": "XF",
"id": "10363",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021014 SYMANTEC ENTERPRISE FIREWALL SECURE WEBSERVER INFO LEAK",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5920",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5920"
},
{
"db": "BID",
"id": "5959"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"id": "VAR-200303-0027",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5920"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T23:12:08.950000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/5959"
},
{
"trust": 2.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0190.html"
},
{
"trust": 2.7,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2002.10.11a.html"
},
{
"trust": 2.7,
"url": "http://www.iss.net/security_center/static/10363.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5920"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5920"
},
{
"db": "BID",
"id": "5959"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-5920"
},
{
"date": "2002-10-14T00:00:00",
"db": "BID",
"id": "5959"
},
{
"date": "2003-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"date": "2003-03-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5920"
},
{
"date": "2009-07-11T18:06:00",
"db": "BID",
"id": "5959"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-098"
},
{
"date": "2024-11-20T23:41:32.197000",
"db": "NVD",
"id": "CVE-2002-1535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec HTTP Agent information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "5959"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-098"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.