Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0870

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-0870
Last Modified 05 Sep 2008 04:25:07
Published 21 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0870

Summary

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.

Vulnerable Systems

Application

  • Alchemy Lab Alchemy Eye 1.9

  • Alchemy Lab Alchemy Eye 2.0

  • Alchemy Lab Alchemy Eye 2.1

  • Alchemy Lab Alchemy Eye 2.2

  • Alchemy Lab Alchemy Eye 2.3

  • Alchemy Lab Alchemy Eye 2.4

  • Alchemy Lab Alchemy Eye 2.5

  • Alchemy Lab Alchemy Eye 2.6

  • Alchemy Lab Alchemy Eye 2.6.18

  • Dek Software Alchemy Network Monitor 2.6.18


References

BID - 3598

BUGTRAQ - 20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing

XF - alchemy-http-view-log(7630)


Last Updated: 27 May 2016 10:36:26