VAR-200207-0051
Vulnerability from variot - Updated: 2025-04-03 22:41Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. The condition is reportedly due to an inability to handle large requests. The overflow occurs in kernel memory. It may be possible to execute arbitrary code in this context to compromise the system. The HTTP proxy component included in NPIF lacks correct buffer boundary checks when handling very long hostnames. Remote attackers can exploit this vulnerability to perform buffer overflow attacks. An attacker could exploit this vulnerability by accessing NPIF's HTTP proxy requests through an internal connection or by attaching a malicious email or instructing the user to connect to a malicious WEB site to download code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200207-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "norton internet security",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "2001"
},
{
"model": "norton personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "2001_3.0.4.91"
},
{
"model": "norton personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20013.0.4.91"
},
{
"model": "norton internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20010"
},
{
"model": "norton personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "2002"
},
{
"model": "norton internet security professional edition",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "20020"
},
{
"model": "norton internet security",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "20020"
}
],
"sources": [
{
"db": "BID",
"id": "5237"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "advisories@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0663",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5054",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0663",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200207-131",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5054",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. The condition is reportedly due to an inability to handle large requests. \nThe overflow occurs in kernel memory. It may be possible to execute arbitrary code in this context to compromise the system. The HTTP proxy component included in NPIF lacks correct buffer boundary checks when handling very long hostnames. Remote attackers can exploit this vulnerability to perform buffer overflow attacks. An attacker could exploit this vulnerability by accessing NPIF\u0027s HTTP proxy requests through an internal connection or by attaching a malicious email or instructing the user to connect to a malicious WEB site to download code",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "VULHUB",
"id": "VHN-5054"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5237",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0663",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "4366",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131",
"trust": 0.7
},
{
"db": "ATSTAKE",
"id": "A071502-1",
"trust": 0.6
},
{
"db": "XF",
"id": "9579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5054",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"id": "VAR-200207-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:41:58.799000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2002.07.15.html"
},
{
"trust": 1.7,
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5237"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/4366"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9579.php"
},
{
"trust": 0.3,
"url": "http://www.symantec.com/sabu/nis/npf/"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-5054"
},
{
"date": "2002-07-15T00:00:00",
"db": "BID",
"id": "5237"
},
{
"date": "2002-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"date": "2002-07-26T04:00:00",
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5054"
},
{
"date": "2002-07-15T00:00:00",
"db": "BID",
"id": "5237"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-131"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Norton Personal Firewall/Internet Security 2001 Remote buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5237"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…