FKIE_CVE-2002-0108

Vulnerability from fkie_nvd - Published: 2002-03-25 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.
References
cve@mitre.orghttp://online.securityfocus.com/archive/1/249026Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/7841.phpVendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/575619US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/3827
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/archive/1/249026Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/7841.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/575619US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3827
Impacted products
Vendor Product Version
allaire forums 2.0.4
allaire forums 2.0.5
allaire forums 3.0
allaire forums 3.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:allaire:forums:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D746DEF6-40BE-405A-A36F-AD78843CA9AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:allaire:forums:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56882CBB-6AE2-4918-80FF-CB22CD57DF54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:allaire:forums:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5E00AB-BA3B-4D75-BB1E-CD3B66EAD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:allaire:forums:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "843D94C2-78E4-47C8-B7F9-752E434ED95B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address."
    },
    {
      "lang": "es",
      "value": "Allaire Forums 2.0.4 y 2.0.5 y Foros! 3.0 y 3.1 permiten a usuarios remotos autorizados  suplantar la identidad de otros usuarios (Spoofing) para enviar mensajes modificando en el formulario los campos de nombre y  direcci\u00f3n de correo."
    }
  ],
  "id": "CVE-2002-0108",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-03-25T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/249026"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/7841.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/575619"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/249026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/7841.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/575619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3827"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.