Details of VAR-200212-0063

ID

VAR-200212-0063

CVE

CVE-2002-2181

TITLE

SonicWall Content filtering software URL Filtering can bypass the vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-313

DESCRIPTION

SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. SonicWall Content Filtering software is designed for use with SonicWall Appliances. It has been reported that the SonicWall Content Filtering software does not sufficiently check addresses when requests are made. Because of this, it would be possible for a user behind the system to reach a restricted-access site by requesting the site on the basis of IP addresses. A remote attacker could exploit this vulnerability to bypass content inspection and access otherwise restricted sites

Trust: 1.26

sources: NVD: CVE-2002-2181 // BID: 6063 // VULHUB: VHN-6564

AFFECTED PRODUCTS

vendor:	sonicwall	model:	content filtering	scope:	eq	version:	*	Trust: 1.0
vendor:	sonicwall	model:	content filtering	scope:	-	version:	-	Trust: 0.9

sources: BID: 6063 // CNNVD: CNNVD-200212-313 // NVD: CVE-2002-2181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2181
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-313
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6564
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-2181
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6564
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6564 // CNNVD: CNNVD-200212-313 // NVD: CVE-2002-2181

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-313

TYPE

Configuration Error

Trust: 0.9

sources: BID: 6063 // CNNVD: CNNVD-200212-313

EXTERNAL IDS

db:	BID	id:	6063	Trust: 2.0
db:	NVD	id:	CVE-2002-2181	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-313	Trust: 0.7
db:	XF	id:	10531	Trust: 0.6
db:	BUGTRAQ	id:	20021029 BYPASSING WEBSITE FILTER IN SONICWALL	Trust: 0.6
db:	NSFOCUS	id:	3768	Trust: 0.6
db:	VULHUB	id:	VHN-6564	Trust: 0.1

sources: VULHUB: VHN-6564 // BID: 6063 // CNNVD: CNNVD-200212-313 // NVD: CVE-2002-2181

REFERENCES

url:	http://www.securityfocus.com/bid/6063	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/297692	Trust: 1.7
url:	http://www.iss.net/security_center/static/10531.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/3768	Trust: 0.6
url:	http://www.sonicwall.com	Trust: 0.3
url:	/archive/1/297692	Trust: 0.3

sources: VULHUB: VHN-6564 // BID: 6063 // CNNVD: CNNVD-200212-313 // NVD: CVE-2002-2181

CREDITS

Marc Ruef※ marc.ruef@computec.ch

Trust: 0.6

sources: CNNVD: CNNVD-200212-313

SOURCES

db:	VULHUB	id:	VHN-6564
db:	BID	id:	6063
db:	CNNVD	id:	CNNVD-200212-313
db:	NVD	id:	CVE-2002-2181

LAST UPDATE DATE

2024-08-14T14:16:15.444000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6564	date:	2008-09-05T00:00:00
db:	BID	id:	6063	date:	2002-10-29T00:00:00
db:	CNNVD	id:	CNNVD-200212-313	date:	2006-03-03T00:00:00
db:	NVD	id:	CVE-2002-2181	date:	2008-09-05T20:32:32.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6564	date:	2002-12-31T00:00:00
db:	BID	id:	6063	date:	2002-10-29T00:00:00
db:	CNNVD	id:	CNNVD-200212-313	date:	2002-10-29T00:00:00
db:	NVD	id:	CVE-2002-2181	date:	2002-12-31T05:00:00