Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0947

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0947
Last Modified 05 Sep 2008 04:25:18
Published 04 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0947

Summary

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.

Vulnerable Systems

Application

  • Valicert Enterprise Validation Authority 3.3

  • Valicert Enterprise Validation Authority 3.4

  • Valicert Enterprise Validation Authority 3.5

  • Valicert Enterprise Validation Authority 3.6

  • Valicert Enterprise Validation Authority 3.7

  • Valicert Enterprise Validation Authority 3.8

  • Valicert Enterprise Validation Authority 3.9

  • Valicert Enterprise Validation Authority 4.0

  • Valicert Enterprise Validation Authority 4.1

  • Valicert Enterprise Validation Authority 4.2

  • Valicert Enterprise Validation Authority 4.2.1


References

XF - eva-forms-reveal-path(7649)

BID - 3615

CONFIRM - http://www.valicert.com/support/security_advisory_eva.html

BUGTRAQ - 20011204 NMRC Advisory - Multiple Valicert Problems


Last Updated: 27 May 2016 10:36:28