Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2001-0949
Last Modified 05 Sep 2008 04:25:18
Published 04 Dec 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0949

Summary

Buffer overflows in the forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

Vulnerable Systems

Application

  • Valicert Enterprise Validation Authority 3.3

  • Valicert Enterprise Validation Authority 3.4

  • Valicert Enterprise Validation Authority 3.5

  • Valicert Enterprise Validation Authority 3.6

  • Valicert Enterprise Validation Authority 3.7

  • Valicert Enterprise Validation Authority 3.8

  • Valicert Enterprise Validation Authority 3.9

  • Valicert Enterprise Validation Authority 4.0

  • Valicert Enterprise Validation Authority 4.1

  • Valicert Enterprise Validation Authority 4.2

  • Valicert Enterprise Validation Authority 4.2.1


References

XF - eva-forms-bo(7652)

BID - 3621

CONFIRM - http://www.valicert.com/support/security_advisory_eva.html

BID - 3636

BID - 3635

BID - 3634

BID - 3633

BID - 3632

BID - 3631

BID - 3630

BID - 3629

BID - 3628

BID - 3627

BID - 3625

BID - 3624

BID - 3622

BUGTRAQ - 20011204 NMRC Advisory - Multiple Valicert Problems


Last Updated: 27 May 2016 10:36:28