Lucene search

[email protected]CVE-2001-0949

HistoryFeb 02, 2002 - 5:00 a.m.

CVE-2001-0949

2002-02-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2001-0949

buffer overflows

valicert

remote code execution

forms.exe

eva administration server

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.206 Low

EPSS

Percentile

96.4%

JSON

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

Affected configurations

NVD

Node

valicertenterprise_validation_authorityMatch3.3

valicertenterprise_validation_authorityMatch3.4

valicertenterprise_validation_authorityMatch3.5

valicertenterprise_validation_authorityMatch3.6

valicertenterprise_validation_authorityMatch3.7

valicertenterprise_validation_authorityMatch3.8

valicertenterprise_validation_authorityMatch3.9

valicertenterprise_validation_authorityMatch4.0

valicertenterprise_validation_authorityMatch4.1

valicertenterprise_validation_authorityMatch4.2

valicertenterprise_validation_authorityMatch4.2.1

CPENameOperatorVersion
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.3
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.4
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.5
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.6
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.7
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.8
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq3.9
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.0
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.1
valicert:enterprise_validation_authorityvalicert enterprise validation authorityeq4.2

CPE	Name	Operator	Version
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.3
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.4
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.5
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.6
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.7
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.8
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	3.9
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.0
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.1
valicert:enterprise_validation_authority	valicert enterprise validation authority	eq	4.2

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=100749428517090&w=2

www.securityfocus.com/bid/3621

www.securityfocus.com/bid/3622

www.securityfocus.com/bid/3624

www.securityfocus.com/bid/3625

www.securityfocus.com/bid/3627

www.securityfocus.com/bid/3628

www.securityfocus.com/bid/3629

www.securityfocus.com/bid/3630

www.securityfocus.com/bid/3631

www.securityfocus.com/bid/3632

www.securityfocus.com/bid/3633

www.securityfocus.com/bid/3634

www.securityfocus.com/bid/3635

www.securityfocus.com/bid/3636

www.valicert.com/support/security_advisory_eva.html

exchange.xforce.ibmcloud.com/vulnerabilities/7652

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.206 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2001-0949

cvelist1 nvd1