Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2002-0495 | First vendor Publication | 2002-08-12 |
Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
CVSS vector: N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | | | |
---|---|---|---|
CVSS Base Score | 10 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-35 | Leverage Executable Code in Nonexecutable Files |
CAPEC-63 | Simple Script Injection |
CAPEC-73 | User-Controlled Filename |
CAPEC-77 | Manipulating User-Controlled Variables |
CAPEC-81 | Web Logs Tampering |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
761 | csSearch csSearch.cgi setup Parameter Arbitrary Command Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2017-07-25 | csSearch setup attempt RuleID : 43307 - Revision : 2 - Type : SERVER-WEBAPP |
2014-01-10 | csSearch.cgi access RuleID : 1548-community - Revision : 17 - Type : SERVER-WEBAPP |
2014-01-10 | csSearch.cgi access RuleID : 1548 - Revision : 17 - Type : SERVER-WEBAPP |
2014-01-10 | csSearch.cgi arbitrary command execution attempt RuleID : 1547-community - Revision : 18 - Type : SERVER-WEBAPP |
2014-01-10 | csSearch.cgi arbitrary command execution attempt RuleID : 1547 - Revision : 18 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-03-27 | Name : A web application running on the remote host has a command execution vulnerab... File : csSearch_cgi.nasl - Type : ACT_ATTACK |
Alert History
Date | Information |
---|---|
2024-11-28 23:23:51 | |
2024-11-28 12:05:02 | |
2024-02-13 21:28:00 | |
2021-05-04 12:01:40 | |
2021-04-22 01:01:48 | |
2020-05-23 00:14:58 | |
2014-02-17 10:24:41 | |
2014-01-19 21:21:40 | |
2013-05-11 12:09:43 | |