Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1152

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1152
Last Modified 05 Sep 2008 04:25:49
Published 05 Sep 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1152

Summary

Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.

Vulnerable Systems

Operating System

  • Baltimore Technologies Websweeper 4.02


References

BID - 3296

BUGTRAQ - 20010905 Various problems in Baltimore WebSweeper URL filtering

MISC - http://www.mimesweeper.com/support/technotes/notes/1043.asp


Last Updated: 27 May 2016 10:36:32