CVE-2001-0949
Published Dec 4, 2001
Last updated 9 months ago
Overview
- Description
- Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC9EDA8D-1427-4FFB-B6E5-44296B945F1C"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "847A5CCA-A8A1-4B07-B60F-69E0E56E9384"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27251C41-296E-4635-9727-37D661080994"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "474EF0B1-2D23-4149-A47B-F928DDB1F570"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1DA047B-69A6-41D2-B98E-9753813F325F"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5DB971CB-596A-4A53-A801-6934A64010E8"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "473714FE-2743-4144-8A02-29E5981A26D0"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E49EE460-3930-45ED-B5C3-E7C72CECE122"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8147DB94-C5FA-45FA-A601-3FF4D2F6C93E"
},
{
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E"
}
],
"operator": "OR"
}
]
}
]