CVE-1999-1020 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

source: https://www.securityfocus.com/bid/484/info Non-authenticated clients have access to CX.EXE and NLIST.EXE in the SYS:LOGIN directory of a Netware 4.x server. The default root access is set to Read. Therefore, by using various switch options in CX.EXE and NLIST.EXE, anyone connecting to the server can gain access to NDS tree information such as account names, group names and membership, tree layout etc. By attaching to different servers and switching contexts an intruder could gain an understanding of the NDS structure for the entire network. The following commands can be issued by a client connected to a NetWare 4.x or IntranetWare server, revealing most if not all user account names, in addition to most of if not the entire tree layout. CX /T /A /R - list all readable user and container object names in tree, and can give a rather accurate layout of the containers and basic contents NLIST USER /D - list info regarding user names in current context NLIST GROUPS /D - list groups and group membership in current context NLIST SERVER /D - list server names and OS versions, and if attached reveal if accounting is installed or not NLIST /OT=* /DYN /D - list all readable objects, including dynamic objects, names of NDS trees, etc