Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0948

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0948
Last Modified 05 Sep 2008 04:25:18
Published 04 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0948

Summary

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.

Vulnerable Systems

Application

  • Valicert Enterprise Validation Authority 3.3

  • Valicert Enterprise Validation Authority 3.4

  • Valicert Enterprise Validation Authority 3.5

  • Valicert Enterprise Validation Authority 3.6

  • Valicert Enterprise Validation Authority 3.7

  • Valicert Enterprise Validation Authority 3.8

  • Valicert Enterprise Validation Authority 3.9

  • Valicert Enterprise Validation Authority 4.0

  • Valicert Enterprise Validation Authority 4.1

  • Valicert Enterprise Validation Authority 4.2

  • Valicert Enterprise Validation Authority 4.2.1


References

XF - eva-admin-script-injection(7650)

BID - 3619

CONFIRM - http://www.valicert.com/support/security_advisory_eva.html

BUGTRAQ - 20011204 NMRC Advisory - Multiple Valicert Problems


Last Updated: 27 May 2016 10:36:28