{"api_version":"1","generated_at":"2026-04-23T17:14:52+00:00","cve":"CVE-2002-1796","urls":{"html":"https://cve.report/CVE-2002-1796","api":"https://cve.report/api/cve/CVE-2002-1796.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-1796","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-1796"},"summary":{"title":"CVE-2002-1796","description":"ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-347","n/a","CWE-347 CWE-347 Improper Verification of Cryptographic Signature"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/284648","name":"http://www.securityfocus.com/archive/1/284648","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"SecurityFocus HOME Mailing List: BugTraq","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.phenoelit.de/stuff/HP_Chai.txt","name":"http://www.phenoelit.de/stuff/HP_Chai.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"PHENOELIT","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/5334","name":"http://www.securityfocus.com/bid/5334","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"HP ChaiVM EZLoader Arbitrary JAR Loading Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://online.securityfocus.com/advisories/4317","name":"http://online.securityfocus.com/advisories/4317","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Patch","Third Party Advisory","VDB Entry","Vendor Advisory"],"title":"SecurityFocus HOME Advisories: Sec. Vulenrability in ChaiVM EZloader","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.iss.net/security_center/static/9695.php","name":"http://www.iss.net/security_center/static/9695.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"ISS X-Force Database: hp-chaivm-add-services (9695): HP ChaiVM EZloader improper signature verification could allow an attacker to add malicious services","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-1796","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1796","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"1796","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"chaivm_ezloader","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1796","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"laserjet_4100","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1796","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"laserjet_4500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1796","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"laserjet_4550","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1796","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"laserjet_8150","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:34:56.348Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.phenoelit.de/stuff/HP_Chai.txt"},{"name":"5334","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/5334"},{"name":"HPSBUX0207-203","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://online.securityfocus.com/advisories/4317"},{"name":"hp-chaivm-add-services(9695)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/9695.php"},{"name":"20020227 Phenoelit Advisory #0815 +--","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/284648"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2002-1796","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-02-09T17:57:39.682936Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-347","description":"CWE-347 Improper Verification of Cryptographic Signature","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-01-16T19:24:39.019Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2005-06-28T04:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.phenoelit.de/stuff/HP_Chai.txt"},{"name":"5334","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/5334"},{"name":"HPSBUX0207-203","tags":["vendor-advisory","x_refsource_HP"],"url":"http://online.securityfocus.com/advisories/4317"},{"name":"hp-chaivm-add-services(9695)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/9695.php"},{"name":"20020227 Phenoelit Advisory #0815 +--","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/284648"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-1796","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.phenoelit.de/stuff/HP_Chai.txt","refsource":"MISC","url":"http://www.phenoelit.de/stuff/HP_Chai.txt"},{"name":"5334","refsource":"BID","url":"http://www.securityfocus.com/bid/5334"},{"name":"HPSBUX0207-203","refsource":"HP","url":"http://online.securityfocus.com/advisories/4317"},{"name":"hp-chaivm-add-services(9695)","refsource":"XF","url":"http://www.iss.net/security_center/static/9695.php"},{"name":"20020227 Phenoelit Advisory #0815 +--","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/284648"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-1796","datePublished":"2005-06-28T04:00:00.000Z","dateReserved":"2005-06-28T04:00:00.000Z","dateUpdated":"2025-01-16T19:24:39.019Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-347","n/a","CWE-347 CWE-347 Improper Verification of Cryptographic Signature"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:chaivm_ezloader:-:*:*:*:*:*:*:*","matchCriteriaId":"490B782C-11BF-47E2-8899-8B462D2D8AA6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_4100:-:*:*:*:*:*:*:*","matchCriteriaId":"8A1779FF-AF54-49D7-B357-3CB62371FA21"},{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_4500:-:*:*:*:*:*:*:*","matchCriteriaId":"FADCF8F9-297F-43B8-A380-D91FDB66BD98"},{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_4550:-:*:*:*:*:*:*:*","matchCriteriaId":"6EEF0E42-3082-4648-BA3A-3372763F72DD"},{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_8150:-:*:*:*:*:*:*:*","matchCriteriaId":"E4D75D04-E717-4361-9D62-08DCFF23ED9A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"1796","Ordinal":"1","Title":"CVE-2002-1796","CVE":"CVE-2002-1796","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"1796","Ordinal":"1","NoteData":"ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.","Type":"Description","Title":"CVE-2002-1796"},{"CveYear":"2002","CveId":"1796","Ordinal":"2","NoteData":"2005-06-28","Type":"Other","Title":"Published"}]}}}