Vulnerability Description
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Phpsquidpass | All versions |
References
- http://marc.info/?l=bugtraq&m=102508071021631&w=2
- http://sourceforge.net/forum/forum.php?forum_id=188359PatchVendor Advisory
- http://www.iss.net/security_center/static/9417.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5090PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=102508071021631&w=2
- http://sourceforge.net/forum/forum.php?forum_id=188359PatchVendor Advisory
- http://www.iss.net/security_center/static/9417.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5090PatchVendor Advisory
FAQ
What is CVE-2002-2175?
CVE-2002-2175 is a vulnerability with a CVSS score of 4.0 (MEDIUM). phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short...
How severe is CVE-2002-2175?
CVE-2002-2175 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2175?
Check the references section above for vendor advisories and patch information. Affected products include: Php Phpsquidpass.