CVE-2002-0891

Severity

50%

Complexity

99%

Confidentiality

48%

The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Juniper

First reported 22 years ago

2002-10-04 04:00:00

Last updated 16 years ago

2008-09-05 20:29:00

Affected Software

Juniper NetScreen ScreenOS 2.5

2.5

Juniper NetScreen ScreenOS 2.5 r1

2.5r1

Juniper NetScreen ScreenOS 2.5 r2

2.5r2

Juniper NetScreen ScreenOS 2.5 r6

2.5r6

Juniper NetScreen ScreenOS 2.6.1

2.6.1

Juniper NetScreen ScreenOS 2.6.1 r1

2.6.1r1

Juniper NetScreen ScreenOS 2.6.1 r2

2.6.1r2

Juniper NetScreen ScreenOS 2.6.1 r3

2.6.1r3

Juniper NetScreen ScreenOS 2.6.1 r4

2.6.1r4

Juniper NetScreen ScreenOS 2.6.1 r5

2.6.1r5

Juniper NetScreen ScreenOS 2.7.1

2.7.1

Juniper NetScreen ScreenOS 2.7.1 r1

2.7.1r1

Juniper NetScreen ScreenOS 2.7.1 r2

2.7.1r2

Juniper NetScreen ScreenOS 2.7.1 r3

2.7.1r3

Juniper ScreenOS 3.0.0

3.0.0

Juniper ScreenOS 3.0.0 r1

3.0.0r1

Juniper ScreenOS 3.0.0 r2

3.0.0r2

Juniper ScreenOS 3.0.0 r3

3.0.0r3

Juniper ScreenOS 3.0.0 r4

3.0.0r4

Juniper NetScreen ScreenOS 3.0.1 r1

3.0.1r1

References

20020527 Netscreen 25 unauthorised reboot issue

netscreen-screenos-username-dos(9186)

Vendor Advisory

http://www.netscreen.com/support/ns25_reboot.html

4842