Vulnerability Description
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| T. Hauck | Jana Web Server | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
- http://www.iss.net/security_center/static/9688.phpVendor Advisory
- http://www.securityfocus.com/bid/5326Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
- http://www.iss.net/security_center/static/9688.phpVendor Advisory
- http://www.securityfocus.com/bid/5326Vendor Advisory
FAQ
What is CVE-2002-1064?
CVE-2002-1064 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
How severe is CVE-2002-1064?
CVE-2002-1064 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1064?
Check the references section above for vendor advisories and patch information. Affected products include: T. Hauck Jana Web Server.