CVE-2002-1358

EPSS 4.13%
Veröffentlicht 23.12.2002 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Version12.0s

Cisco ≫ Ios Version12.0st

Cisco ≫ Ios Version12.1e

Cisco ≫ Ios Version12.1ea

Cisco ≫ Ios Version12.1t

Cisco ≫ Ios Version12.2

Cisco ≫ Ios Version12.2s

Cisco ≫ Ios Version12.2t

Fissh ≫ Ssh Client Version1.0a_for_windows

Intersoft ≫ Securenetterm Version5.4.1

Netcomposite ≫ Shellguard Ssh Version3.4.6

Pragma Systems ≫ Secureshell Version2.0

PuTTY ≫ PuTTY Version0.48

PuTTY ≫ PuTTY Version0.49

PuTTY ≫ PuTTY Version0.53

WinSCP ≫ WinSCP Version2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.13%	0.882

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html

http://securitytracker.com/id?1005812

http://securitytracker.com/id?1005813

http://www.cert.org/advisories/CA-2002-36.html

Third Party Advisory

US Government Resource

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721

https://nvd.nist.gov/vuln/detail/CVE-2002-1358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1358

EUVD