Vulnerability Details CVE-2002-1154
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 73.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.analog.cx/security5.html
- http://www.iss.net/security_center/static/10344.php
- http://www.osvdb.org/3779
- http://www.redhat.com/support/errata/RHSA-2002-059.html
- http://www.analog.cx/security5.html
- http://www.iss.net/security_center/static/10344.php
- http://www.osvdb.org/3779
- http://www.redhat.com/support/errata/RHSA-2002-059.html
Products affected by CVE-2002-1154
-
cpe:2.3:a:stephen_turner:analog:*