Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1064

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1064
Last Modified 05 Sep 2008 04:29:41
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1064

Summary

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

Vulnerable Systems

Application

  • T. Hauck Jana Web Server 1.0

  • T. Hauck Jana Web Server 1.45

  • T. Hauck Jana Web Server 1.46

  • T. Hauck Jana Web Server 2.0

  • T. Hauck Jana Web Server 2.0 Beta1

  • T. Hauck Jana Web Server 2.0 Beta2

  • T. Hauck Jana Web Server 2.2.1


References

BID - 5326

XF - jana-pop3-bruteforce(9688)

BUGTRAQ - 20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer


Last Updated: 27 May 2016 10:37:10