CVE-2002-1066 | Vulnerability Database | Aqua Security

Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.

Affected Software

Name	Vendor	Start Version	End Version
Jana_web_server	T._hauck	1.0 (including)	1.0 (including)
Jana_web_server	T._hauck	1.45 (including)	1.45 (including)
Jana_web_server	T._hauck	1.46 (including)	1.46 (including)
Jana_web_server	T._hauck	2.0 (including)	2.0 (including)
Jana_web_server	T._hauck	2.0_beta1 (including)	2.0_beta1 (including)
Jana_web_server	T._hauck	2.0_beta2 (including)	2.0_beta2 (including)
Jana_web_server	T._hauck	2.2.1 (including)	2.2.1 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9689.php
http://www.securityfocus.com/bid/5327

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1066
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html