Details of VAR-200206-0065

ID

VAR-200206-0065

CVE

CVE-2002-0602

TITLE

Snapgear Lite+ Too many firewalls HTTP Connection causes a denial of service attack vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200206-012

DESCRIPTION

Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port. Snapgear Lite+ is a device with integrated firewall, routing, and VPN support. In version 1.5.4 of the firmware only the web management module will crash, and not the entire firewall in the above situation

Trust: 1.53

sources: NVD: CVE-2002-0602 // BID: 4657 // BID: 4658 // VULHUB: VHN-4994

AFFECTED PRODUCTS

vendor:	snapgear	model:	lite\+ firewall	scope:	eq	version:	1.5.3	Trust: 1.6
vendor:	snapgear	model:	lite\+ firewall	scope:	eq	version:	1.5.4	Trust: 1.6
vendor:	snapgear	model:	lite+ firewall	scope:	eq	version:	1.5.4	Trust: 0.6
vendor:	snapgear	model:	lite+ firewall	scope:	eq	version:	1.5.3	Trust: 0.6
vendor:	snapgear	model:	lite+ firewall	scope:	ne	version:	1.6.0	Trust: 0.6

sources: BID: 4657 // BID: 4658 // CNNVD: CNNVD-200206-012 // NVD: CVE-2002-0602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0602
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200206-012
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4994
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-0602
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4994
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4994 // CNNVD: CNNVD-200206-012 // NVD: CVE-2002-0602

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0602

THREAT TYPE

network

Trust: 0.6

sources: BID: 4657 // BID: 4658

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 4657 // BID: 4658

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0602	Trust: 2.3
db:	BID	id:	4658	Trust: 1.4
db:	BID	id:	4657	Trust: 1.4
db:	CNNVD	id:	CNNVD-200206-012	Trust: 0.7
db:	BUGTRAQ	id:	20020502 KPMG-2002017: SNAPGEAR LITE+ FIREWALL DENIAL OF SERVICE	Trust: 0.6
db:	VULNWATCH	id:	20020502 [VULNWATCH] KPMG-2002017: SNAPGEAR LITE+ FIREWALL DENIAL OF SERVICE	Trust: 0.6
db:	VULHUB	id:	VHN-4994	Trust: 0.1

sources: VULHUB: VHN-4994 // BID: 4657 // BID: 4658 // CNNVD: CNNVD-200206-012 // NVD: CVE-2002-0602

REFERENCES

url:	http://www.snapgear.com/releases.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/4657	Trust: 1.1
url:	http://www.securityfocus.com/bid/4658	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/8985	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/8986	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=102035583114759&w=2	Trust: 1.0
url:	http://www.snapgear.com/liteplus.html	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2	Trust: 0.6
url:	http://marc.info/?l=bugtraq&m=102035583114759&w=2	Trust: 0.1

sources: VULHUB: VHN-4994 // BID: 4657 // BID: 4658 // CNNVD: CNNVD-200206-012 // NVD: CVE-2002-0602

CREDITS

Andreas Sandor (asandor@kpmg.dk) & Peter Gründl (pgrundl@kpmg.dk).

Trust: 0.6

sources: BID: 4657 // BID: 4658

SOURCES

db:	VULHUB	id:	VHN-4994
db:	BID	id:	4657
db:	BID	id:	4658
db:	CNNVD	id:	CNNVD-200206-012
db:	NVD	id:	CVE-2002-0602

LAST UPDATE DATE

2025-04-03T22:26:25.873000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4994	date:	2017-07-11T00:00:00
db:	BID	id:	4657	date:	2009-07-11T12:46:00
db:	BID	id:	4658	date:	2009-07-11T12:46:00
db:	CNNVD	id:	CNNVD-200206-012	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0602	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4994	date:	2002-06-18T00:00:00
db:	BID	id:	4657	date:	2002-05-02T00:00:00
db:	BID	id:	4658	date:	2002-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200206-012	date:	2002-05-02T00:00:00
db:	NVD	id:	CVE-2002-0602	date:	2002-06-18T04:00:00