CVE-2002-0990

Name: CVE-2002-0990
Creator: NVD / NIST
Published: 2002-10-28T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.67%

Last modified Jun 16, 2026

CVE-2002-0990 is a vulnerability of currently unknown severity. The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.. EPSS estimates a 1.67% chance of exploitation in the next 30 days.

Description

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.

Metrics

EPSS Probability

1.67%

73.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Symantec	Enterprise Firewall	6.5.2
Symantec	Enterprise Firewall	7.0
Symantec	Raptor Firewall	6.5
Symantec	Raptor Firewall	6.5.3
Symantec	Velociraptor	500
Symantec	Velociraptor	700
Symantec	Velociraptor	1000
Symantec	Velociraptor	1100
Symantec	Velociraptor	1200
Symantec	Velociraptor	1300
Symantec	Gateway Security	5110
Symantec	Gateway Security	5200
Symantec	Gateway Security	5300

References

http://marc.info/?l=bugtraq&m=103463869503124&w=2
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.htmlPatch, Vendor Advisory
http://www.iss.net/security_center/static/10364.phpVendor Advisory
http://www.securityfocus.com/bid/5958
http://marc.info/?l=bugtraq&m=103463869503124&w=2
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.htmlPatch, Vendor Advisory
http://www.iss.net/security_center/static/10364.phpVendor Advisory
http://www.securityfocus.com/bid/5958

Timeline

Published: Oct 28, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-0990?

How severe is CVE-2002-0990?

Severity scoring for CVE-2002-0990 is pending analysis. The EPSS model estimates a 1.67% probability of exploitation in the next 30 days.

How do I fix CVE-2002-0990?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-0990?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST