Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0014

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0014
Last Modified 10 Sep 2008 03:11:03
Published 26 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0014

Summary

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Vulnerable Systems

Application

  • University Of Washington Pine 4.20

  • University Of Washington Pine 4.21

  • University Of Washington Pine 4.30

  • University Of Washington Pine 4.33


References

REDHAT - RHSA-2002:009

BUGTRAQ - 20020105 Pine 4.33 (at least) URL handler allows embedded commands.

HP - HPSBTL0201-015

BID - 3815

CONECTIVA - CLA-2002:460


Last Updated: 27 May 2016 10:36:44