Vulnerability Details CVE-2002-1066
Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
- http://www.iss.net/security_center/static/9689.php
- http://www.securityfocus.com/bid/5327
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
- http://www.iss.net/security_center/static/9689.php
- http://www.securityfocus.com/bid/5327
Products affected by CVE-2002-1066
-
cpe:2.3:a:t._hauck:jana_web_server:1.0
-
cpe:2.3:a:t._hauck:jana_web_server:1.45
-
cpe:2.3:a:t._hauck:jana_web_server:1.46
-
cpe:2.3:a:t._hauck:jana_web_server:2.0
-
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta1
-
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta2
-
cpe:2.3:a:t._hauck:jana_web_server:2.2.1