CVE-2002-1064

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

Published: Oct 4, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1064
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
t._hauck / jana_web_server	1.0	1.0.x
t._hauck / jana_web_server	2.0	2.0.x
t._hauck / jana_web_server	2.2.1	2.2.1.x
t._hauck / jana_web_server	2.0_beta2	2.0_beta2.x
t._hauck / jana_web_server	1.45	1.45.x
t._hauck / jana_web_server	2.0_beta1	2.0_beta1.x
t._hauck / jana_web_server	1.46	1.46.x

http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9688.php
http://www.securityfocus.com/bid/5326

Vulnerability Database

289,871

CVE-2002-1064