Lucene search

[email protected]CVE-2001-0948

HistoryFeb 02, 2002 - 5:00 a.m.

CVE-2001-0948

2002-02-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2001-0948

cross-site scripting

css vulnerability

valicert eva

arbitrary code execution

html/script.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate’s description, which is executed when the certificate is viewed.

Affected configurations

NVD

Node

valicertenterprise_validation_authorityMatch3.3

valicertenterprise_validation_authorityMatch3.4

valicertenterprise_validation_authorityMatch3.5

valicertenterprise_validation_authorityMatch3.6

valicertenterprise_validation_authorityMatch3.7

valicertenterprise_validation_authorityMatch3.8

valicertenterprise_validation_authorityMatch3.9

valicertenterprise_validation_authorityMatch4.0

valicertenterprise_validation_authorityMatch4.1

valicertenterprise_validation_authorityMatch4.2

valicertenterprise_validation_authorityMatch4.2.1

CPENameOperatorVersion
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.3
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.4
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.5
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.6
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.7
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.8
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.9
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.0
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.1
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.2

CPE	Name	Operator	Version
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.3
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.4
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.5
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.6
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.7
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.8
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.9
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.0
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.1
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.2

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=100749428517090&w=2

www.securityfocus.com/bid/3619

www.valicert.com/support/security_advisory_eva.html

exchange.xforce.ibmcloud.com/vulnerabilities/7650

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2001-0948

cvelist1 nvd1