Lucene search

[email protected]CVE-2001-0523

HistoryAug 14, 2001 - 4:00 a.m.

CVE-2001-0523

2001-08-1404:00:00

[email protected]

web.nvd.nist.gov

secureiis

version 1.0.3

bypass filters

remote attack

html chars escaping

directory traversal

vulnerability

nvd.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.7%

JSON

eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.

Affected configurations

NVD

Node

eeye_digital_securitysecureiisMatch1.0.2

eeye_digital_securitysecurellsRange≤1.0.3

CPENameOperatorVersion
eeye_digital_security:secureiiseeye digital security secureiiseq1.0.2
eeye_digital_security:securellseeye digital security securellsle1.0.3

CPE	Name	Operator	Version
eeye_digital_security:secureiis	eeye digital security secureiis	eq	1.0.2
eeye_digital_security:securells	eeye digital security securells	le	1.0.3

References

archives.neohapsis.com/archives/bugtraq/2001-05/0185.html

archives.neohapsis.com/archives/bugtraq/2001-05/0197.html

exchange.xforce.ibmcloud.com/vulnerabilities/6563

exchange.xforce.ibmcloud.com/vulnerabilities/6564

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2001-0523

cvelist1 nvd1