Details of VAR-200212-0282

ID

VAR-200212-0282

CVE

CVE-2002-1851

TITLE

Ipswitch WS_FTP Pro Remote buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-678

DESCRIPTION

Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. Ipswitch WS_FTP Pro is a FTP client for Microsoft Windows systems. A buffer overflow condition has been reported in WS_FTP Pro. Precise details are not currently available, however it is believed that it may be exploitable by a malicious server. Ipswitch WS_FTP Pro lacks correct checks on the response submitted by the server, which can lead to remote attackers forging server responses and resulting in denial of service attacks. After Ipswitch provides the patch, NGS Software will provide detailed technical details

Trust: 1.26

sources: NVD: CVE-2002-1851 // BID: 4850 // VULHUB: VHN-6234

AFFECTED PRODUCTS

vendor:

ipswitch

model:

ws ftp pro

scope:

version:

7.5

Trust: 1.9

sources: BID: 4850 // CNNVD: CNNVD-200212-678 // NVD: CVE-2002-1851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1851
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-678
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6234
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1851
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6234
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6234 // CNNVD: CNNVD-200212-678 // NVD: CVE-2002-1851

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-678

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 4850 // CNNVD: CNNVD-200212-678

EXTERNAL IDS

db:	BID	id:	4850	Trust: 2.0
db:	NVD	id:	CVE-2002-1851	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-678	Trust: 0.7
db:	NSFOCUS	id:	2883	Trust: 0.6
db:	XF	id:	10185	Trust: 0.6
db:	VULHUB	id:	VHN-6234	Trust: 0.1

sources: VULHUB: VHN-6234 // BID: 4850 // CNNVD: CNNVD-200212-678 // NVD: CVE-2002-1851

REFERENCES

url:	http://www.securityfocus.com/bid/4850	Trust: 1.7
url:	http://www.iss.net/security_center/static/10185.php	Trust: 1.7
url:	http://www.nextgenss.com/vna/ips-wsftp.txt	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/2883	Trust: 0.6

sources: VULHUB: VHN-6234 // BID: 4850 // CNNVD: CNNVD-200212-678 // NVD: CVE-2002-1851

CREDITS

Next Generation Security Software

Trust: 0.6

sources: CNNVD: CNNVD-200212-678

SOURCES

db:	VULHUB	id:	VHN-6234
db:	BID	id:	4850
db:	CNNVD	id:	CNNVD-200212-678
db:	NVD	id:	CVE-2002-1851

LAST UPDATE DATE

2024-08-14T15:31:15.485000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6234	date:	2008-09-05T00:00:00
db:	BID	id:	4850	date:	2002-05-27T00:00:00
db:	CNNVD	id:	CNNVD-200212-678	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1851	date:	2008-09-05T20:31:40.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6234	date:	2002-12-31T00:00:00
db:	BID	id:	4850	date:	2002-05-27T00:00:00
db:	CNNVD	id:	CNNVD-200212-678	date:	2002-05-27T00:00:00
db:	NVD	id:	CVE-2002-1851	date:	2002-12-31T05:00:00