Lucene search

[email protected]CVE-2001-0947

HistoryFeb 02, 2002 - 5:00 a.m.

CVE-2001-0947

2002-02-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2001-0947

valicert

eva

remote attacks

server pathname

error page

cgi program

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

JSON

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.

Affected configurations

NVD

Node

valicertenterprise_validation_authorityMatch3.3

valicertenterprise_validation_authorityMatch3.4

valicertenterprise_validation_authorityMatch3.5

valicertenterprise_validation_authorityMatch3.6

valicertenterprise_validation_authorityMatch3.7

valicertenterprise_validation_authorityMatch3.8

valicertenterprise_validation_authorityMatch3.9

valicertenterprise_validation_authorityMatch4.0

valicertenterprise_validation_authorityMatch4.1

valicertenterprise_validation_authorityMatch4.2

valicertenterprise_validation_authorityMatch4.2.1

CPENameOperatorVersion
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.3
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.4
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.5
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.6
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.7
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.8
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.9
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.0
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.1
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.2

CPE	Name	Operator	Version
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.3
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.4
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.5
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.6
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.7
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.8
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.9
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.0
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.1
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.2

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=100749428517090&w=2

www.securityfocus.com/bid/3615

www.valicert.com/support/security_advisory_eva.html

exchange.xforce.ibmcloud.com/vulnerabilities/7649

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2001-0947

nvd1 cvelist1