Vulnerability Details: CVE-2002-0001
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Exploit prediction scoring system (EPSS) score for CVE-2002-0001
Probability of exploitation activity in the next 30 days: 1.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~84%
CVSS scores for CVE-2002-0001
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2002-0001
- http://online.securityfocus.com/advisories/3778
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
- http://marc.info/?l=bugtraq&m=100994648918287&w=2
- http://www.securityfocus.com/bid/3774
- http://www.redhat.com/support/errata/RHSA-2002-003.html (Patch)
- http://www.iss.net/security_center/static/7759.php
- http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
- http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
- http://www.debian.org/security/2002/dsa-096 (Patch)
Products affected by CVE-2002-0001
- cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*