Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0871

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0871
Last Modified 05 Sep 2008 04:25:07
Published 21 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0871

Summary

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

Vulnerable Systems

Application

  • Alchemy Lab Alchemy Eye 2.0

  • Alchemy Lab Alchemy Eye 2.1

  • Alchemy Lab Alchemy Eye 2.2

  • Alchemy Lab Alchemy Eye 2.3

  • Alchemy Lab Alchemy Eye 2.4

  • Alchemy Lab Alchemy Eye 2.5

  • Alchemy Lab Alchemy Eye 2.6

  • Alchemy Lab Alchemy Eye 2.6.18

  • Alchemy Lab Alchemy Eye 2.6.19

  • Alchemy Lab Alchemy Eye 3.0

  • Alchemy Lab Alchemy Eye 3.0.10

  • Dek Software Alchemy Network Monitor 3.0.10


References

CERT-VN - VU#220715

BUGTRAQ - 20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution

XF - alchemy-http-dot-variant(7626)

BID - 3599

XF - alchemy-http-dot-commands(7625)


Last Updated: 27 May 2016 10:36:26