Vulnerability CVE-2001-0949
Published: 2001-12-04   Modified: 2012-02-12

Description:
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Valicert -> Enterprise validation authority 

 References:
http://marc.info/?l=bugtraq&m=100749428517090&w=2
http://www.securityfocus.com/bid/3621
http://www.securityfocus.com/bid/3622
http://www.securityfocus.com/bid/3624
http://www.securityfocus.com/bid/3625
http://www.securityfocus.com/bid/3627
http://www.securityfocus.com/bid/3628
http://www.securityfocus.com/bid/3629
http://www.securityfocus.com/bid/3630
http://www.securityfocus.com/bid/3631
http://www.securityfocus.com/bid/3632
http://www.securityfocus.com/bid/3633
http://www.securityfocus.com/bid/3634
http://www.securityfocus.com/bid/3635
http://www.securityfocus.com/bid/3636
http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7652
Copyright 2024, cxsecurity.com

 

Back to Top