LiveActive security incident?Get immediate response
CVE archive

November 2002

Browse CVE records published in November 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 143 matching CVEs · Page 2 of 3.

Unknown · CVSS Not scored

CVE-2002-2426: Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presen...

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

Published Nov 20, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-2142: An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebL...

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.

Published Nov 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-2185: The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP m...

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.

Published Nov 16, 2005 · Updated Aug 8, 2024