Vulnerability Description
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bindview | Netrc | 1.0 |
| Funk Software | Funk Software Proxy | 3.0 |
References
- http://razor.bindview.com/publish/advisories/adv_FunkProxy.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8793.php
- http://www.securityfocus.com/bid/4460
- http://razor.bindview.com/publish/advisories/adv_FunkProxy.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8793.php
- http://www.securityfocus.com/bid/4460
FAQ
What is CVE-2002-0066?
CVE-2002-0066 is a vulnerability with a CVSS score of 7.5 (HIGH). Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use t...
How severe is CVE-2002-0066?
CVE-2002-0066 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0066?
Check the references section above for vendor advisories and patch information. Affected products include: Bindview Netrc, Funk Software Funk Software Proxy.