VAR-200212-0524
Vulnerability from variot - Updated: 2025-04-03 22:41Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. Reportedly, Tiny Personal Firewall is vulnerable to a denial of service condition. The vulnerability occurs when a user selects to browse the Personal Firewall Agent Logs and when the system is being portscanned. This will cause Tiny Personal Firewall to consume all CPU resources and cause the system to stop responding and eventually crash. Tiny Personal Firewall is a firewall suitable for personal computers, which can protect against network attacks, worms, Trojan horses and viruses, and can run under the Microsoft Windows operating system. 2) IP forgery and denial of service attack vulnerability: When Tiny Personal Firewall is fully configured and the firewall level is set to high, there is a problem when Tiny Personal Firewall blocks the communication whose source address is the IP address of the firewall itself, and the attacker can forge the source address Bypass firewall rules for packets to the firewall's own IP address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "tiny",
"version": "3.0.6"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "tiny",
"version": "3.0.5"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "tiny",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "5525"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Lu\u203b b45h3r@techie.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1925",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6308",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1925",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-808",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6308",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6308"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. Reportedly, Tiny Personal Firewall is vulnerable to a denial of service condition. The vulnerability occurs when a user selects to browse the Personal Firewall Agent Logs and when the system is being portscanned. \nThis will cause Tiny Personal Firewall to consume all CPU resources and cause the system to stop responding and eventually crash. Tiny Personal Firewall is a firewall suitable for personal computers, which can protect against network attacks, worms, Trojan horses and viruses, and can run under the Microsoft Windows operating system. 2) IP forgery and denial of service attack vulnerability: When Tiny Personal Firewall is fully configured and the firewall level is set to high, there is a problem when Tiny Personal Firewall blocks the communication whose source address is the IP address of the firewall itself, and the attacker can forge the source address Bypass firewall rules for packets to the firewall\u0027s own IP address",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1925"
},
{
"db": "BID",
"id": "5525"
},
{
"db": "VULHUB",
"id": "VHN-6308"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5525",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1925",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-808",
"trust": 0.7
},
{
"db": "XF",
"id": "9918",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3334",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020820 NSSI-2002-TPFW: TINY PERSONAL FIREWALL 3.0 DENIAL OF SERVICE VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6308",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6308"
},
{
"db": "BID",
"id": "5525"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"id": "VAR-200212-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6308"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:41:57.735000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5525"
},
{
"trust": 1.7,
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00298.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9918.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3334"
},
{
"trust": 0.3,
"url": "http://www.tinysoftware.com/home/tiny?s=7741043568395572227a0\u0026\u0026pg=tpf_summary"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6308"
},
{
"db": "BID",
"id": "5525"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6308"
},
{
"db": "BID",
"id": "5525"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6308"
},
{
"date": "2002-08-20T00:00:00",
"db": "BID",
"id": "5525"
},
{
"date": "2002-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6308"
},
{
"date": "2002-08-20T00:00:00",
"db": "BID",
"id": "5525"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-808"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tiny Personal Firewall Local denial of service attacks and IP Forgery vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-808"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…