cve-2002-0007
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
Summary
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-01/0034.htmlPatch, Vendor Advisory
cve@mitre.orghttp://bugzilla.mozilla.org/show_bug.cgi?id=54901Vendor Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2002-001.html
cve@mitre.orghttp://www.bugzilla.org/security2_14_1.html
cve@mitre.orghttp://www.securityfocus.com/bid/3792
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/7812
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.mozilla.org/show_bug.cgi?id=54901Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2002-001.html
af854a3a-2127-422b-91ae-364da2661108http://www.bugzilla.org/security2_14_1.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3792
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/7812
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:17.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2002:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-001.html"
          },
          {
            "name": "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.bugzilla.org/security2_14_1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=54901"
          },
          {
            "name": "bugzilla-ldap-auth-bypass(7812)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7812"
          },
          {
            "name": "3792",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3792"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2002:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-001.html"
        },
        {
          "name": "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.bugzilla.org/security2_14_1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=54901"
        },
        {
          "name": "bugzilla-ldap-auth-bypass(7812)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7812"
        },
        {
          "name": "3792",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3792"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2002:001",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-001.html"
            },
            {
              "name": "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
            },
            {
              "name": "http://www.bugzilla.org/security2_14_1.html",
              "refsource": "CONFIRM",
              "url": "http://www.bugzilla.org/security2_14_1.html"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=54901",
              "refsource": "MISC",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=54901"
            },
            {
              "name": "bugzilla-ldap-auth-bypass(7812)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7812"
            },
            {
              "name": "3792",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3792"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0007",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-01-09T00:00:00",
    "dateUpdated": "2024-08-08T02:35:17.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.14.1\", \"matchCriteriaId\": \"F99F6759-911F-4616-B27E-0EF33A08F2D3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.\"}, {\"lang\": \"es\", \"value\": \"CGl.pl en Bugzilla anterior a la 2.14.1, cuando se usa LDAP, permite que atacantes remotos obtengan una conexi\\u00f3n an\\u00f3nima con el servidor LDAP por medio de una petici\\u00f3n que no incluye una clave, lo que provoca que se env\\u00ede una clave nula al servidor LDAP.\"}]",
      "id": "CVE-2002-0007",
      "lastModified": "2024-11-20T23:38:04.860",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2002-01-31T05:00:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://bugzilla.mozilla.org/show_bug.cgi?id=54901\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2002-001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.bugzilla.org/security2_14_1.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3792\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/7812\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://bugzilla.mozilla.org/show_bug.cgi?id=54901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2002-001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.bugzilla.org/security2_14_1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3792\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/7812\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-0007\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-01-31T05:00:00.000\",\"lastModified\":\"2024-11-20T23:38:04.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.\"},{\"lang\":\"es\",\"value\":\"CGl.pl en Bugzilla anterior a la 2.14.1, cuando se usa LDAP, permite que atacantes remotos obtengan una conexi\u00f3n an\u00f3nima con el servidor LDAP por medio de una petici\u00f3n que no incluye una clave, lo que provoca que se env\u00ede una clave nula al servidor LDAP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.14.1\",\"matchCriteriaId\":\"F99F6759-911F-4616-B27E-0EF33A08F2D3\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://bugzilla.mozilla.org/show_bug.cgi?id=54901\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.bugzilla.org/security2_14_1.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3792\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/7812\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://bugzilla.mozilla.org/show_bug.cgi?id=54901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.bugzilla.org/security2_14_1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/7812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.