CVE-2002-0637
published 2002-07-11CVE-2002-0637: InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by…
PriorityP430high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.75%
92.1th percentile
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | interscan_viruswall | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Interpretation Conflict
mitre_cwe·CVSS 7.5
[HIGH] CWE-436 Interpretation Conflict
CWE-436: Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Integrity, Other. Impact: Unexpected State, Varies by Context.
Examples:
The paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to
CWE
Improper Neutralization of Whitespace
mitre_cwe
CWE-156 Improper Neutralization of Whitespace
CWE-156: Improper Neutralization of Whitespace
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.
This can include space, tab, etc.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
Developers should anticipate that whitespace will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e.,
2002-07-11
Published