Executive Summary

Informations
Name CVE-2002-0813 First vendor Publication 2002-08-12
Vendor Cve Last vendor Modification 2016-10-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0813

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5449
 
Oval ID: oval:org.mitre.oval:def:5449
Title: Cisco IOS TFTP Server Long File Name Denial of Service Vulnerability
Description: Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
Family: ios Class: vulnerability
Reference(s): CVE-2002-0813
 Version: 1
Platform(s): Cisco IOS
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3

OpenVAS Exploits

Date Description
2005-11-03 Name : TFTPD overflow
File : nvt/tftpd_overflow.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
854 Cisco TFTP Server Long Filename DoS

IOS and MGX contain a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted read request is sent, and will result in loss of availability for the service on the MGX and a loss of availability for the platform on IOS.

Snort® IPS/IDS

Date Description
2014-01-10 GET filename overflow attempt
RuleID : 1941-community - Revision : 24 - Type : PROTOCOL-TFTP
2014-01-10 GET filename overflow attempt
RuleID : 1941 - Revision : 24 - Type : PROTOCOL-TFTP

Nessus® Vulnerability Scanner

Date Description
2005-05-16 Name : The remote host has an application that is affected by a buffer overflow vuln...
File : tftpd_overflow.nasl - Type : ACT_FLOOD
2002-07-30 Name : The remote device is missing a vendor-supplied security patch.
File : CSCdy03429.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/5328
BUGTRAQ http://marc.info/?l=bugtraq&m=103002169829669&w=2
http://online.securityfocus.com/archive/1/284634
CISCO http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
OSVDB http://www.osvdb.org/854
XF http://www.iss.net/security_center/static/9700.php

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2021-05-04 12:01:43
  • Multiple Updates
2021-04-22 01:01:51
  • Multiple Updates
2020-05-23 00:15:01
  • Multiple Updates
2016-10-18 12:01:02
  • Multiple Updates
2016-06-28 14:59:28
  • Multiple Updates
2014-02-17 10:24:52
  • Multiple Updates
2014-01-19 21:21:44
  • Multiple Updates
2013-05-11 12:10:44
  • Multiple Updates