Details of VAR-200210-0023

ID

VAR-200210-0023

CVE

CVE-2002-1203

TITLE

IBM SecureWay Firewall Service Rejection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-309

DESCRIPTION

IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set. A vulnerability has been discovered in IBM SecureWay Firewall for the AIX operating system. To reach a denial of service condition, 2.8Mbps of malicious requests must be sent to the vulnerable firewall. Versions prior to IBM SecureWay Firewall 4.2.2 perform additional processes before judging packets as invalid and discarding them

Trust: 1.26

sources: NVD: CVE-2002-1203 // BID: 5924 // VULHUB: VHN-5588

AFFECTED PRODUCTS

vendor:	ibm	model:	secureway firewall	scope:	eq	version:	4.2.1	Trust: 1.9
vendor:	ibm	model:	secureway firewall	scope:	eq	version:	4.2	Trust: 1.9
vendor:	ibm	model:	secureway firewall	scope:	ne	version:	4.2.2	Trust: 0.3
vendor:	ibm	model:	secureway firewall d	scope:	ne	version:	4.2.1	Trust: 0.3

sources: BID: 5924 // CNNVD: CNNVD-200210-309 // NVD: CVE-2002-1203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1203
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-309
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5588
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1203
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5588
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5588 // CNNVD: CNNVD-200210-309 // NVD: CVE-2002-1203

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.1

sources: VULHUB: VHN-5588 // NVD: CVE-2002-1203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-309

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200210-309

EXTERNAL IDS

db:	BID	id:	5924	Trust: 2.0
db:	NVD	id:	CVE-2002-1203	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-309	Trust: 0.7
db:	BUGTRAQ	id:	20021009 FLOOD ACK PACKETS CAUSE AN IBM SECUREWAY FIREWALL DOS	Trust: 0.6
db:	XF	id:	10249	Trust: 0.6
db:	SECTRACK	id:	1005330	Trust: 0.3
db:	VULHUB	id:	VHN-5588	Trust: 0.1

sources: VULHUB: VHN-5588 // BID: 5924 // CNNVD: CNNVD-200210-309 // NVD: CVE-2002-1203

REFERENCES

url:	http://www.securityfocus.com/bid/5924	Trust: 1.7
url:	http://www.iss.net/security_center/static/10249.php	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=103417988503398&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=103417988503398&w=2	Trust: 0.6
url:	http://www.securitytracker.com/alerts/2002/oct/1005330.html	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?rs=0&q=ir49046&uid=swg185256b4f006cca2486256c31007feaca	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=103417988503398&w=2	Trust: 0.1

sources: VULHUB: VHN-5588 // BID: 5924 // CNNVD: CNNVD-200210-309 // NVD: CVE-2002-1203

CREDITS

Discovery credited to Mauro Flores.

Trust: 0.9

sources: BID: 5924 // CNNVD: CNNVD-200210-309

SOURCES

db:	VULHUB	id:	VHN-5588
db:	BID	id:	5924
db:	CNNVD	id:	CNNVD-200210-309
db:	NVD	id:	CVE-2002-1203

LAST UPDATE DATE

2025-04-03T22:27:22.680000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5588	date:	2016-10-18T00:00:00
db:	BID	id:	5924	date:	2009-07-11T18:06:00
db:	CNNVD	id:	CNNVD-200210-309	date:	2009-08-20T00:00:00
db:	NVD	id:	CVE-2002-1203	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5588	date:	2002-10-28T00:00:00
db:	BID	id:	5924	date:	2002-10-09T00:00:00
db:	CNNVD	id:	CNNVD-200210-309	date:	2002-10-28T00:00:00
db:	NVD	id:	CVE-2002-1203	date:	2002-10-28T05:00:00