Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0236

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0236
Last Modified 05 Sep 2008 04:27:30
Published 29 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0236

Summary

Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.

Vulnerable Systems

Application

  • Lucent Vitalanalysis 8.0

  • Lucent Vitalanalysis 8.1

  • Lucent Vitalanalysis 8.2

  • Lucent Vitalevent 8.0

  • Lucent Vitalevent 8.1

  • Lucent Vitalevent 8.2

  • Lucent Vitalhelp 8.0

  • Lucent Vitalhelp 8.1

  • Lucent Vitalhelp 8.2

  • Lucent Vitalnet 8.0

  • Lucent Vitalnet 8.1

  • Lucent Vitalnet 8.2

  • Lucent Vitalsuite 8.0

  • Lucent Vitalsuite 8.1

  • Lucent Vitalsuite 8.2


References

BID - 3784

XF - vitalnet-unauth-access(7936)

BUGTRAQ - 20020205 Published Report of Vulnerability in Lucent VitalSuite Software


Last Updated: 27 May 2016 10:36:50