Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0738

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0738
Last Modified 05 Sep 2008 04:28:49
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0738

Summary

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.

Vulnerable Systems

Application

  • Mhonarc 2.5

  • Mhonarc 2.5.1

  • Mhonarc 2.5.2


References

BID - 4546

XF - mhonarc-script-filtering-bypass(8894)

CONFIRM - http://www.mhonarc.org/MHonArc/CHANGES

DEBIAN - DSA-163

BUGTRAQ - 20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability


Last Updated: 27 May 2016 10:37:03