
CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 3

soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.

• http://online.securityfocus.com/archive/1/300992
• http://securityreason.com/securityalert/3243
• http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html
• http://www.securityfocus.com/bid/6243
• https://exchange.xforce.ibmcloud.com/vulnerabilities/10690
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 84% | CPEs: 2 | EXPL: 2

BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.

• https://www.exploit-db.com/exploits/21600
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
• http://www.iss.net/security_center/static/9528.php
• http://www.securityfocus.com/bid/5187

CVSS: 5.0 | EPSS: 1% | CPEs: 2 | EXPL: 2

BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.

• https://www.exploit-db.com/exploits/21616
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
• http://www.iss.net/security_center/static/9557.php
• http://www.securityfocus.com/bid/5226

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.

• http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
• http://www.iss.net/security_center/static/9558.php
• http://www.securityfocus.com/bid/5228

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.

• http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html
• http://www.iss.net/security_center/static/9239.php
• http://www.securityfocus.com/bid/4912