CVE-2002-2043

Published Dec 31, 2002

Last updated 16 years ago

Overview

Description: SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Vendor comments

Red HatNot vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5B837A3-E1D7-469D-9A2C-1648DB869524"
          },
          {
            "criteria": "cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D5319DC-7C56-4661-83A6-6F226DD6804F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References