CVE-2002-1064 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2002-1064

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

Affected Software

Name	Vendor	Start Version	End Version
Jana_web_server	T._hauck	1.0 (including)	1.0 (including)
Jana_web_server	T._hauck	1.45 (including)	1.45 (including)
Jana_web_server	T._hauck	1.46 (including)	1.46 (including)
Jana_web_server	T._hauck	2.0 (including)	2.0 (including)
Jana_web_server	T._hauck	2.0_beta1 (including)	2.0_beta1 (including)
Jana_web_server	T._hauck	2.0_beta2 (including)	2.0_beta2 (including)
Jana_web_server	T._hauck	2.2.1 (including)	2.2.1 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9688.php
http://www.securityfocus.com/bid/5326