CVE-2001-0947

EPSS 0.9%
Veröffentlicht 04.12.2001 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Valicert ≫ Enterprise Validation Authority Version3.3

Valicert ≫ Enterprise Validation Authority Version3.4

Valicert ≫ Enterprise Validation Authority Version3.5

Valicert ≫ Enterprise Validation Authority Version3.6

Valicert ≫ Enterprise Validation Authority Version3.7

Valicert ≫ Enterprise Validation Authority Version3.8

Valicert ≫ Enterprise Validation Authority Version3.9

Valicert ≫ Enterprise Validation Authority Version4.0

Valicert ≫ Enterprise Validation Authority Version4.1

Valicert ≫ Enterprise Validation Authority Version4.2

Valicert ≫ Enterprise Validation Authority Version4.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.75

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://marc.info/?l=bugtraq&m=100749428517090&w=2

http://www.securityfocus.com/bid/3615

Patch

Vendor Advisory

http://www.valicert.com/support/security_advisory_eva.html

Vendor Advisory

URL Repurposed

https://exchange.xforce.ibmcloud.com/vulnerabilities/7649

https://nvd.nist.gov/vuln/detail/CVE-2001-0947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2001-0947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2001-0947

EUVD