CVE-2001-0949

Sažetak

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

Reference

http://marc.info/?l=bugtraq&m=100749428517090&w=2
http://www.securityfocus.com/bid/3621
http://www.securityfocus.com/bid/3622
http://www.securityfocus.com/bid/3624
http://www.securityfocus.com/bid/3625
http://www.securityfocus.com/bid/3627
http://www.securityfocus.com/bid/3628
http://www.securityfocus.com/bid/3629
http://www.securityfocus.com/bid/3630
http://www.securityfocus.com/bid/3631
http://www.securityfocus.com/bid/3632
http://www.securityfocus.com/bid/3633
http://www.securityfocus.com/bid/3634
http://www.securityfocus.com/bid/3635
http://www.securityfocus.com/bid/3636
http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7652

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-12-2017 - 02:29

Objavljeno

04-12-2001 - 05:00