Search criteria
1 vulnerability by fastlink_software
CVE-2002-2389 (GCVE-0-2002-2389)
Vulnerability from cvelistv5 – Published: 2007-10-31 16:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "fastlink-theserver-plaintext-passwords(9624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9624.php"
},
{
"name": "1004799",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1004799"
},
{
"name": "20020717 TheServer cleartext password sillyness.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html"
},
{
"name": "20021014 TheServer log file access password in cleartext w/vendor resolution.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/295325"
},
{
"name": "5250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-31T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "fastlink-theserver-plaintext-passwords(9624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9624.php"
},
{
"name": "1004799",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1004799"
},
{
"name": "20020717 TheServer cleartext password sillyness.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html"
},
{
"name": "20021014 TheServer log file access password in cleartext w/vendor resolution.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/295325"
},
{
"name": "5250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fastlink-theserver-plaintext-passwords(9624)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9624.php"
},
{
"name": "1004799",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1004799"
},
{
"name": "20020717 TheServer cleartext password sillyness.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html"
},
{
"name": "20021014 TheServer log file access password in cleartext w/vendor resolution.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/295325"
},
{
"name": "5250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2389",
"datePublished": "2007-10-31T16:00:00Z",
"dateReserved": "2007-10-31T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:32.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}