| Vulnerability Name: | CVE-2002-2043 (CCN-8748) |
| Assigned: | 2002-04-02 |
| Published: | 2002-04-02 |
| Updated: | 2008-09-05 |
| Summary: | SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: BUGTRAQ Type: Patch 20020402 SASL (v1/v2) MYSQL/LDAP authentication patch; Source: CCN Type: BugTraq Mailing List, Tue Apr 02 2002 - 04:06:27 CST SASL (v1/v2) MYSQL/LDAP authentication patch; Source: MITRE Type: CNA CVE-2002-2043; Source: XF Type: Patch cyrus-sasl-patch-pop-access(8748); Source: CCN Type: OSVDB ID: 59495 Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass; Source: BID Type: Patch 4409; Source: CCN Type: BID-4409 Cyrus SASL LDAP+MySQL Authentication Patch SQL Command Execution Vulnerability; Source: CCN Type: Surf Web site Downloads; Source: XF Type: UNKNOWN cyrus-sasl-patch-pop-access(8748) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |