Vulnerability CVE-2002-0066


Published: 2002-04-22   Modified: 2012-02-12

Description:
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Funk software -> Funk software proxy 
Bindview -> Netrc 

 References:
http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
http://www.securityfocus.com/bid/4460
http://www.iss.net/security_center/static/8793.php

Copyright 2024, cxsecurity.com

 

Back to Top