Vulnerability Details CVE-2002-1064
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
- http://www.iss.net/security_center/static/9688.php
- http://www.securityfocus.com/bid/5326
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
- http://www.iss.net/security_center/static/9688.php
- http://www.securityfocus.com/bid/5326
Products affected by CVE-2002-1064
-
cpe:2.3:a:t._hauck:jana_web_server:1.0
-
cpe:2.3:a:t._hauck:jana_web_server:1.45
-
cpe:2.3:a:t._hauck:jana_web_server:1.46
-
cpe:2.3:a:t._hauck:jana_web_server:2.0
-
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta1
-
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta2
-
cpe:2.3:a:t._hauck:jana_web_server:2.2.1