CVE-2002-1888 - CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and

CVE-2002-1888

Summary

CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.

References

http://archives.neohapsis.com/archives/bugtraq/2002-10/0043.html
http://www.iss.net/security_center/static/10293.php
http://www.securityfocus.com/bid/5878

Vulnerable Configurations

cpe:2.3:a:commonname:commonname_toolbar:3.5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:commonname:commonname_toolbar:3.5.2.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 05-09-2008 - 20:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	5878
bugtraq	20021003 CommonName Toolbar potentially exposes LAN web addresses
xf	commonname-intranet-address-disclosure(10293)

Last major update

05-09-2008 - 20:31

Published

31-12-2002 - 05:00

Last modified

05-09-2008 - 20:31