7.5
CVE-2001-0947
- EPSS 2.45%
- Veröffentlicht 04.12.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginForms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Valicert ≫ Enterprise Validation Authority Version3.3
Valicert ≫ Enterprise Validation Authority Version3.4
Valicert ≫ Enterprise Validation Authority Version3.5
Valicert ≫ Enterprise Validation Authority Version3.6
Valicert ≫ Enterprise Validation Authority Version3.7
Valicert ≫ Enterprise Validation Authority Version3.8
Valicert ≫ Enterprise Validation Authority Version3.9
Valicert ≫ Enterprise Validation Authority Version4.0
Valicert ≫ Enterprise Validation Authority Version4.1
Valicert ≫ Enterprise Validation Authority Version4.2
Valicert ≫ Enterprise Validation Authority Version4.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.45% | 0.823 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://marc.info/?l=bugtraq&m=100749428517090&w=2
http://www.securityfocus.com/bid/3615
http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7649