CVE-2002-0990

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=103463869503124&w=2
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html	Patch Vendor Advisory
http://www.iss.net/security_center/static/10364.php	Vendor Advisory
http://www.securityfocus.com/bid/5958
http://marc.info/?l=bugtraq&m=103463869503124&w=2
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html	Patch Vendor Advisory
http://www.iss.net/security_center/static/10364.php	Vendor Advisory
http://www.securityfocus.com/bid/5958

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:enterprise_firewall:6.5.2::windows_2000_nt:::::
	cpe:2.3:a:symantec:enterprise_firewall:7.0::solaris:::::
	cpe:2.3:a:symantec:enterprise_firewall:7.0::windows_2000_nt:::::
	cpe:2.3:a:symantec:raptor_firewall:6.5::windows_nt:::::
	cpe:2.3:a:symantec:raptor_firewall:6.5.3::solaris:::::
	cpe:2.3:a:symantec:velociraptor:500:::::::*
	cpe:2.3:a:symantec:velociraptor:700:::::::*
	cpe:2.3:a:symantec:velociraptor:1000:::::::*
	cpe:2.3:a:symantec:velociraptor:1100:::::::*
	cpe:2.3:a:symantec:velociraptor:1200:::::::*
	cpe:2.3:a:symantec:velociraptor:1300:::::::*

Configuration 2 (hide)

OR	cpe:2.3:h:symantec:gateway_security:5110:::::::*
	cpe:2.3:h:symantec:gateway_security:5200:::::::*
	cpe:2.3:h:symantec:gateway_security:5300:::::::*

History

No history.

Information

Published : 2002-10-28 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-0990

Mitre link : CVE-2002-0990

CVE.ORG link : CVE-2002-0990

JSON object : View

Products Affected

symantec

raptor_firewall
enterprise_firewall
gateway_security
velociraptor

CWE

NVD-CWE-Other

{"id": "CVE-2002-0990", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-10-28T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=103463869503124&w=2", "source": "cve@mitre.org"}, {"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10364.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5958", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=103463869503124&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/10364.php", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/5958", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout."}, {"lang": "es", "value": "El componente de proxy web en Symantec Enterprise Firewall (SEF) 6.5.2 a 7.0, Raptor Firewall 6.5 y 6.5.3, VelociRaptor, y Symantec Gateway Security permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de recursos de conexiones) mediante m\u00faltiples peticiones de conexi\u00f3n a dominios cuyo servidor DNS no responda o no exista, lo que genera una larga espera."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:enterprise_firewall:6.5.2:*:windows_2000_nt:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0306D0E7-691F-46EB-9133-F585000476A2"}, {"criteria": "cpe:2.3:a:symantec:enterprise_firewall:7.0:*:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8656778B-9299-436B-AF8A-64C042273751"}, {"criteria": "cpe:2.3:a:symantec:enterprise_firewall:7.0:*:windows_2000_nt:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5B3D26-F6FB-4D38-99B5-4AAF8C62F82A"}, {"criteria": "cpe:2.3:a:symantec:raptor_firewall:6.5:*:windows_nt:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D585A9BA-7F89-4382-95BB-823B83E5F222"}, {"criteria": "cpe:2.3:a:symantec:raptor_firewall:6.5.3:*:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BBE1CA5-CDB0-4C9C-A6AB-0727C56E419F"}, {"criteria": "cpe:2.3:a:symantec:velociraptor:500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA052121-6694-4F90-BEE1-E5D987676A2C"}, {"criteria": "cpe:2.3:a:symantec:velociraptor:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F2ADA6F-769B-441F-89B0-C66DDE1C0F3E"}, {"criteria": "cpe:2.3:a:symantec:velociraptor:1000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C1D900E-FEB4-4EA7-A88F-84607A9BBAF2"}, {"criteria": "cpe:2.3:a:symantec:velociraptor:1100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107F69B6-8CFA-44F6-B6CA-AD54B5D194E2"}, {"criteria": "cpe:2.3:a:symantec:velociraptor:1200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "639A972B-4D99-4E8A-885E-930779D65125"}, {"criteria": "cpe:2.3:a:symantec:velociraptor:1300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "849ABDDF-321F-43A3-9723-6B33907D8A52"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:symantec:gateway_security:5110:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E42EDB2-616D-4915-9E41-7D80F32E4901"}, {"criteria": "cpe:2.3:h:symantec:gateway_security:5200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1175AC-9310-4804-8FB3-2F988F55BD09"}, {"criteria": "cpe:2.3:h:symantec:gateway_security:5300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF09575E-83D3-4772-816B-7D639B1C32A4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}