CVE-2003-0636
- EPSS 1.18%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:33
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
- EPSS 1.48%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:33
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
CVE-2003-0638
- EPSS 2.51%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:34
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack rela...
- EPSS 1.25%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:34
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.