var-200207-0051
Vulnerability from variot
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. The condition is reportedly due to an inability to handle large requests. The overflow occurs in kernel memory. It may be possible to execute arbitrary code in this context to compromise the system. The HTTP proxy component included in NPIF lacks correct buffer boundary checks when handling very long hostnames. Remote attackers can exploit this vulnerability to perform buffer overflow attacks. An attacker could exploit this vulnerability by accessing NPIF's HTTP proxy requests through an internal connection or by attaching a malicious email or instructing the user to connect to a malicious WEB site to download code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200207-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "norton internet security",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "2001"
},
{
"model": "norton personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "2001_3.0.4.91"
},
{
"model": "norton personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20013.0.4.91"
},
{
"model": "norton internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20010"
},
{
"model": "norton personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "2002"
},
{
"model": "norton internet security professional edition",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "20020"
},
{
"model": "norton internet security",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "20020"
}
],
"sources": [
{
"db": "BID",
"id": "5237"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:2001_3.0.4.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "advisories@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5054",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0663",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200207-131",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5054",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. The condition is reportedly due to an inability to handle large requests. \nThe overflow occurs in kernel memory. It may be possible to execute arbitrary code in this context to compromise the system. The HTTP proxy component included in NPIF lacks correct buffer boundary checks when handling very long hostnames. Remote attackers can exploit this vulnerability to perform buffer overflow attacks. An attacker could exploit this vulnerability by accessing NPIF\u0027s HTTP proxy requests through an internal connection or by attaching a malicious email or instructing the user to connect to a malicious WEB site to download code",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "VULHUB",
"id": "VHN-5054"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5237",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0663",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "4366",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131",
"trust": 0.7
},
{
"db": "ATSTAKE",
"id": "A071502-1",
"trust": 0.6
},
{
"db": "XF",
"id": "9579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5054",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"id": "VAR-200207-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:24:45.651000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2002.07.15.html"
},
{
"trust": 1.7,
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5237"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/4366"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9579.php"
},
{
"trust": 0.3,
"url": "http://www.symantec.com/sabu/nis/npf/"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5054"
},
{
"db": "BID",
"id": "5237"
},
{
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-5054"
},
{
"date": "2002-07-15T00:00:00",
"db": "BID",
"id": "5237"
},
{
"date": "2002-07-26T04:00:00",
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"date": "2002-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5054"
},
{
"date": "2002-07-15T00:00:00",
"db": "BID",
"id": "5237"
},
{
"date": "2008-09-10T19:12:40.663000",
"db": "NVD",
"id": "CVE-2002-0663"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Norton Personal Firewall/Internet Security 2001 Remote buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5237"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-131"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.