    12 vulnerabilities by entrust

    VAR-200412-0107

    Vulnerability from variot - Updated: 2025-04-03 22:31

    Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability. Malicious ISAKMP packets may trigger a buffer overrun in the affected library, resulting in the corruption of process memory. Although unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Checkpoint VPN-1 may use the affected library.

    The Entrust LibKmp ISAKMP library is used by multiple VPN vendors to exchange IKE keys for IPsec-based VPN products. libKmp handles all incoming ISAKMP packets; the library is also used to authenticate and check the processing of incoming requests. The Entrust LibKmp ISAKMP library does not correctly verify incoming ISAKMP packets when implementing the IKE key exchange protocol. Entrust's LibKmp library is provided by the vendor to third parties to handle the exchange of IKE keys. This library is used in several enterprise firewall VPN products.

    Entrust's LibKmp library fully checks the ISAKMP payloads and sizes it handles, but the proposal payload embedded in the main SA payload is not properly filtered. The code that handles these payloads has a flaw that can lead to memory corruption, a heap overflow. An attacker can exploit this vulnerability by sending malicious ISAKMP packets, which can cause the VPN component to crash, and carefully constructed and submitted data may execute arbitrary instructions on the system with process privileges.

    Product: Symantec Gateway Security 2.0 - Model 5400 Series

    Copyright © 2004 Symantec Corporation August, 2004


    Hotfix: SG8000-20040715-00 - Entrust updates


    This document contains the following information about the Symantec Gateway Security 2.0 - Model 5400 Series:

    • Prerequisites
    • Included modules
    • Fix description
    • Installation instructions
    • Uninstallation instructions

    Prerequisites:

    HB8000-20031023-00 - December 2003 patch
    SG8000-20040405-00 - April 2004 patch


    Included modules:

    isakmpd
    libEntrust.so
    libkmp.so


    Fix description:

    Corrects problem with Denial of Service attack reported against isakmpd in CAN-2004-0369.


    Installation instructions:

    The April 2004 patch must be installed prior to installing this hotfix.

    To install the patch

    1. Download the entrust-sgs20.tgz file to a location that is accessible from the Security Gateway Management Interface (SGMI).
    2. In the SGMI, on the Action menu, click HotFix.
    3. In the left pane of the Hotfix Management window, click Install hotfix.
    4. In the right pane of the Hotfix Management window, click Browse.
    5. In the Choose file dialog box, browse to and select the entrust-sgs20.tgz file, and then click Open.
    6. In the right pane of the Hotfix Management window, click Install.
    7. Wait until a message appears in the right pane of the Hotfix Management window. (Note: there is no visible indication of activity.)
    8. If the message includes a "Restart" link, click the link and wait until the "Security gateway is restarting" message appears.
    9. Close the Hotfix Management window.

    Uninstallation instructions:

    To uninstall the patch

    1. In the SGMI, on the Action menu, click HotFix.
    2. In the left pane of the Hotfix Management window, click Uninstall hotfix.
    3. In the right pane of the Hotfix Management window, click the radio button next to hotfix ID SG8000-20040715-00.
    4. In the right pane of the Hotfix Management window, click Uninstall.
    5. Wait until a message appears in the right pane of the Hotfix Management window. (Note: there is no visible indication of activity.)
    6. If the message includes a "Restart" link, click the link and wait until the "Security gateway is restarting" message appears.
    7. Close the Hotfix Management window.

    . Connect to Symantec Gateway Security (SGS) using the SRMC. Connect to the VelociRaptor using the SRMC. Right-click the VelociRaptor icon. Browse to the location of the *.tgz file. Select Open to load the patch. Answer "No" when asked if you want to reboot the system. Connect to the VelociRaptor using the SRMC. Right-click the VelociRaptor. Select All Tasks > SRL Client. Log into the system. Type: cd /usr/vr/hotfixes/SG7004-20040715-00 and press Enter. Type: ./Uninstall and press Enter


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "enterprise firewall",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "symantec",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "enterprise firewall",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "velociraptor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "enterprise firewall",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "symantec",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "gateway security 5300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "gateway security 5400",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "libkmp isakmp library",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "entrust",
            "version": "*"
          },
          {
            "_id": null,
            "model": "gateway security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "5440"
          },
          {
            "_id": null,
            "model": "gateway security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "5300"
          },
          {
            "_id": null,
            "model": "gateway security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "52001.0"
          },
          {
            "_id": null,
            "model": "gateway security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "51101.0"
          },
          {
            "_id": null,
            "model": "gateway security 360r",
            "scope": null,
            "trust": 0.3,
            "vendor": "symantec",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise firewall solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "enterprise firewall nt/2000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "enterprise firewall solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise firewall nt/2000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "libkmp isakmp library",
            "scope": null,
            "trust": 0.3,
            "vendor": "entrust",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "11039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0369"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:enterprise_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Mark Dowd\nNeel Mehta",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2004-0369",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2004-0369",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-8799",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2004-0369",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2004-0369",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200412-576",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-8799",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0369"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability.  Malicious ISAKMP packets may trigger a buffer overrun in the affected library resulting in the corruption of process memory. \nAlthough unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Checkpoint VPN-1 may use the affected library. The Entrust LibKmp ISAKMP library is used by multiple VPN vendors to exchange IKE keys for IPSEC-based VPN products. libKmp handles all incoming ISAKMP packets, this library is also used to authenticate and check the processing of incoming requests. The Entrust LibKmp ISAKMP library does not correctly verify incoming ISAKMP packets when implementing the IKE key exchange protocol. Entrust\\\u0027\\\u0027s LibKmp library is provided by the vendor to third parties to handle the exchange of IKE keys. This library is used in several enterprise firewall VPN products. Entrust\\\u0027\\\u0027s LibKmp library is fully checked for handling ISAKMP payloads and sizes. But the proposal payload embedded in the main SA payload is not properly filtered. The code that handles these loads has a flaw that can lead to memory corruption, a heap overflow. An attacker exploits this vulnerability to send malicious ISAKMP packets, which can cause the VPN component to crash, and carefully constructed and submitted data may execute arbitrary instructions on the system with process privileges. 
\nProduct: Symantec Gateway Security 2.0 - Model 5400 Series\t\n\nCopyright \\xa9 2004 Symantec Corporation                                   August, 2004\n************************************************************************************\nHotfix: SG8000-20040715-00 - Entrust updates\n\n************************************************************************************\nThis document contains the following information about the Symantec Gateway Security\n2.0 - Model 5400 Series:\n\n* Prerequisites\n* Included modules\n* Fix description\n* Installation instructions\n* Uninstallation instructions\n\n************************************************************************************\nPrerequisites:\n\nHB8000-20031023-00 - December 2003 patch\nSG8000-20040405-00 - April 2004 patch\n\n************************************************************************************\nIncluded modules:\n\nisakmpd\nlibEntrust.so\nlibkmp.so\n \n************************************************************************************\nFix description:\n\nCorrects problem with Denial of Service attack reported against isakmpd in \nCAN-2004-0369. \n\n************************************************************************************\nInstallation instructions:\n\nThe April 2004 patch must be installed prior to installing this hotfix. \n\nTo install the patch\n\n1.  Download the entrust-sgs20.tgz file to a location that is accessible from \n    the Security Gateway Management Interface (SGMI). \n2.  In the SGMI, on the Action menu, click HotFix. \n3.  In the left pane of the Hotfix Management window, click Install hotfix. \n4.  In the right pane of the Hotfix Management window, click Browse. \n5.  In the Choose file dialog box, browse to and select the entrust-sgs20.tgz file,\n    and then click Open. \n6.  In the right pane of the Hotfix Management window, click Install. \n7.  Wait until a message appears in the right pane of the Hotfix Management window. 
\n    (Note: there is no visible indication of activity.)\n8.  If the message includes a \"Restart\" link, click the link and wait until the\n    \"Security gateway is restarting\" message appears. \n9.  Close the Hotfix Management window. \n\n\n************************************************************************************\nUninstallation instructions:\n\nTo uninstall the patch\n\n1.  In the SGMI, on the Action menu, click HotFix. \n2.  In the left pane of the Hotfix Management window, click Uninstall hotfix. \n3.  In the right pane of the Hotfix Management window, click the radio button next\n    to hotfix ID SG8000-20040715-00. \n4.  In the right pane of the Hotfix Management window, click Uninstall. \n5.  Wait until a message appears in the right pane of the Hotfix Management window. \n    (Note: there is no visible indication of activity.)\n6.  If the message includes a \"Restart\" link, click the link and wait until the\n    \"Security gateway is restarting\" message appears. \n7.  Close the Hotfix Management window. \n\n\n************************************************************************************\n\n.  Connect to Symantec Gateway Security (SGS) using the SRMC.  Connect to the VelociRaptor using the SRMC.  Right-click the VelociRaptor icon.  Browse to the location of the *.tgz file.  Select Open to load the patch.  Answer \"No\" when asked if you want to reboot the system.  Connect to the VelociRaptor using the SRMC.  Right-click the VelociRaptor.  Select All Tasks \u003e SRL Client.  Log into the system.  Type: cd /usr/vr/hotfixes/SG7004-20040715-00 and press Enter.  Type: ./Uninstall and press Enter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          },
          {
            "db": "BID",
            "id": "11039"
          },
          {
            "db": "VULHUB",
            "id": "VHN-8799"
          },
          {
            "db": "PACKETSTORM",
            "id": "34156"
          },
          {
            "db": "PACKETSTORM",
            "id": "34155"
          },
          {
            "db": "PACKETSTORM",
            "id": "34154"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2004-0369",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "11039",
            "trust": 2.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2004.0538",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "12371",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576",
            "trust": 0.7
          },
          {
            "db": "ISS",
            "id": "20040826 ENTRUST LIBKMP LIBRARY BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "CIAC",
            "id": "O-206",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "15669",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "6852",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "34156",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "34155",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "34154",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-8799",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8799"
          },
          {
            "db": "BID",
            "id": "11039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          },
          {
            "db": "PACKETSTORM",
            "id": "34156"
          },
          {
            "db": "PACKETSTORM",
            "id": "34155"
          },
          {
            "db": "PACKETSTORM",
            "id": "34154"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0369"
          }
        ]
      },
      "id": "VAR-200412-0107",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8799"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-03T22:31:39.482000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SYM04-012",
            "trust": 0.8,
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
          },
          {
            "title": "SYM04-012",
            "trust": 0.8,
            "url": "http://www.symantec.com/region/jp/sarcj/security/content/2004.08.26.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0369"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.8,
            "url": "http://xforce.iss.net/xforce/alerts/id/181"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/11039"
          },
          {
            "trust": 2.0,
            "url": "http://securityresponse.symantec.com/avcenter/security/content/2004.08.26.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.auscert.org.au/render.html?it=4339"
          },
          {
            "trust": 1.7,
            "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0369"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0369"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/12371/"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15669"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/6852"
          },
          {
            "trust": 0.3,
            "url": "https://www.entrust.com/trustedcare/troubleshooting/bulletins.htm"
          },
          {
            "trust": 0.3,
            "url": "http://enterprisesecurity.symantec.com/products/products.cfm?productid=342\u0026eid=0"
          },
          {
            "trust": 0.3,
            "url": "ftp://ftp.symantec.com/public/updates/entrust-70w-readme.txt"
          },
          {
            "trust": 0.3,
            "url": "ftp://ftp.symantec.com/public/updates/entrust-70s-readme.txt"
          },
          {
            "trust": 0.3,
            "url": "ftp://ftp.symantec.com/public/updates/entrust-704s-readme.txt"
          },
          {
            "trust": 0.3,
            "url": "ftp://ftp.symantec.com/public/updates/entrust-704w-readme.txt"
          },
          {
            "trust": 0.3,
            "url": "http://enterprisesecurity.symantec.com/products/products.cfm?productid=47"
          },
          {
            "trust": 0.3,
            "url": "ftp://ftp.symantec.com/public/updates/entrust-sgs10-readme.txt"
          },
          {
            "trust": 0.3,
            "url": "ftp://ftp.symantec.com/public/updates/entrust-sgs20-readme.txt"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0369"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8799"
          },
          {
            "db": "BID",
            "id": "11039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340"
          },
          {
            "db": "PACKETSTORM",
            "id": "34156"
          },
          {
            "db": "PACKETSTORM",
            "id": "34155"
          },
          {
            "db": "PACKETSTORM",
            "id": "34154"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0369"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-8799",
            "ident": null
          },
          {
            "db": "BID",
            "id": "11039",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000340",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "34156",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "34155",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "34154",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0369",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2004-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8799",
            "ident": null
          },
          {
            "date": "2004-08-25T00:00:00",
            "db": "BID",
            "id": "11039",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000340",
            "ident": null
          },
          {
            "date": "2004-08-26T20:10:18",
            "db": "PACKETSTORM",
            "id": "34156",
            "ident": null
          },
          {
            "date": "2004-08-26T20:09:14",
            "db": "PACKETSTORM",
            "id": "34155",
            "ident": null
          },
          {
            "date": "2004-08-26T20:07:58",
            "db": "PACKETSTORM",
            "id": "34154",
            "ident": null
          },
          {
            "date": "2004-08-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200412-576",
            "ident": null
          },
          {
            "date": "2004-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-0369",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8799",
            "ident": null
          },
          {
            "date": "2009-07-12T06:17:00",
            "db": "BID",
            "id": "11039",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000340",
            "ident": null
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200412-576",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2004-0369",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Entrust LibKMP ISAKMP Library Remote IPsec/ISAKMP Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "11039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "_id": null,
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "11039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-576"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-201807-0667

    Vulnerability from variot - Updated: 2024-11-23 22:26

    Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. Entrust Datacard Syntera CS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Entrust Datacard Syntera CS is an integrated suite from Entrust Datacard Corporation in the United States for connecting Datacard issuing systems and special software.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0667",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "syntera customization suite",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "entrustdatacard",
            "version": "5.1"
          },
          {
            "model": "syntera customization suite",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "entrustdatacard",
            "version": "5.0"
          },
          {
            "model": "syntera customization suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "entrust datacard",
            "version": "5.x"
          },
          {
            "model": "datacard syntera cs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "entrust",
            "version": "5.*"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:entrustdatacard:syntera_customization_suite",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          }
        ]
      },
      "cve": "CVE-2018-13252",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-13252",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-13037",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-13252",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-13252",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-13252",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-13037",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-338",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Entrust Datacard Syntera CS 5.x has XSS via the name field of \"Domain or Computer Name\" in the login page. Entrust Datacard Syntera CS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Entrust Datacard Syntera CS is an integrated suite of Entrust Datacard Corporation in the United States for connecting Datacard issuing systems and special software",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-13252",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "id": "VAR-201807-0667",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:26:16.869000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Syntera Customization Suite Software Support",
            "trust": 0.8,
            "url": "https://www.datacard.com/manufacturing-efficiency-software-support/syntera-cs"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/herwonowr/cve/tree/master/cve-2018-13252"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13252"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13252"
          },
          {
            "trust": 0.6,
            "url": "https://www.entrustdatacard.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "date": "2018-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "date": "2018-07-05T17:29:00.250000",
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007774"
          },
          {
            "date": "2018-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          },
          {
            "date": "2024-11-21T03:46:43.920000",
            "db": "NVD",
            "id": "CVE-2018-13252"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Entrust Datacard Syntera CS Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-338"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2007-4594 (GCVE-0-2007-4594)

    Vulnerability from nvd – Published: 2007-08-29 22:00 – Updated: 2024-08-07 15:01
    Summary
    Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://secunia.com/advisories/26630 | third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/25471 | vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    Date Public
    2007-08-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26630"
              },
              {
                "name": "25471",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25471"
              },
              {
                "name": "esp-certificate-security-bypass(36331)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26630"
            },
            {
              "name": "25471",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25471"
            },
            {
              "name": "esp-certificate-security-bypass(36331)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4594",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26630"
                },
                {
                  "name": "25471",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25471"
                },
                {
                  "name": "esp-certificate-security-bypass(36331)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4594",
        "datePublished": "2007-08-29T22:00:00.000Z",
        "dateReserved": "2007-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0369 (GCVE-0-2004-0369)

    Vulnerability from nvd – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:17
    Summary
    Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.auscert.org.au/render.html?it=4339 | third-party-advisory, x_refsource_AUSCERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    http://xforce.iss.net/xforce/alerts/id/181 | third-party-advisory, x_refsource_ISS
    http://securityresponse.symantec.com/avcenter/sec… | x_refsource_CONFIRM
    http://www.ciac.org/ciac/bulletins/o-206.shtml | third-party-advisory, government-resource, x_refsource_CIAC
    http://www.securityfocus.com/bid/11039 | vdb-entry, x_refsource_BID
    Date Public
    2004-08-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ESB-2004.0538",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_AUSCERT",
                  "x_transferred"
                ],
                "url": "http://www.auscert.org.au/render.html?it=4339"
              },
              {
                "name": "isakmp-spi-size-bo(15669)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
              },
              {
                "name": "20040826 Entrust LibKmp Library Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://xforce.iss.net/xforce/alerts/id/181"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
              },
              {
                "name": "O-206",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
              },
              {
                "name": "11039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ESB-2004.0538",
              "tags": [
                "third-party-advisory",
                "x_refsource_AUSCERT"
              ],
              "url": "http://www.auscert.org.au/render.html?it=4339"
            },
            {
              "name": "isakmp-spi-size-bo(15669)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
            },
            {
              "name": "20040826 Entrust LibKmp Library Buffer Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://xforce.iss.net/xforce/alerts/id/181"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
            },
            {
              "name": "O-206",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
            },
            {
              "name": "11039",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11039"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ESB-2004.0538",
                  "refsource": "AUSCERT",
                  "url": "http://www.auscert.org.au/render.html?it=4339"
                },
                {
                  "name": "isakmp-spi-size-bo(15669)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
                },
                {
                  "name": "20040826 Entrust LibKmp Library Buffer Overflow",
                  "refsource": "ISS",
                  "url": "http://xforce.iss.net/xforce/alerts/id/181"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
                },
                {
                  "name": "O-206",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
                },
                {
                  "name": "11039",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11039"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0369",
        "datePublished": "2005-04-14T04:00:00.000Z",
        "dateReserved": "2004-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0712 (GCVE-0-2002-0712)

    Vulnerability from nvd – Published: 2004-01-14 05:00 – Updated: 2024-08-08 02:56
    Summary
    Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/720017 third-party-advisory, x_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.kb.cert.org/vuls/id/AAMN-5KKVXC x_refsource_CONFIRM
    http://www.securityfocus.com/bid/7284 vdb-entry, x_refsource_BID
    Date Public
    2003-04-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#720017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/720017"
              },
              {
                "name": "easm-multiple-authorization-bypass(11724)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
              },
              {
                "name": "7284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7284"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#720017",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/720017"
            },
            {
              "name": "easm-multiple-authorization-bypass(11724)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
            },
            {
              "name": "7284",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7284"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0712",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#720017",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/720017"
                },
                {
                  "name": "easm-multiple-authorization-bypass(11724)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
                },
                {
                  "name": "7284",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7284"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0712",
        "datePublished": "2004-01-14T05:00:00.000Z",
        "dateReserved": "2002-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0853 (GCVE-0-2001-0853)

    Vulnerability from nvd – Published: 2001-11-22 05:00 – Updated: 2024-08-08 04:37
    Summary
    Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=100498111712723&w=2 mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/3508 vdb-entry, x_refsource_BID
    http://www.kb.cert.org/vuls/id/243243 third-party-advisory, x_refsource_CERT-VN
    Date Public
    2001-11-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:06.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
              },
              {
                "name": "20011105 New getAccess[tm] Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
              },
              {
                "name": "getaccess-shellscripts-retrieve-files(7474)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
              },
              {
                "name": "3508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3508"
              },
              {
                "name": "VU#243243",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/243243"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
            },
            {
              "name": "20011105 New getAccess[tm] Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
            },
            {
              "name": "getaccess-shellscripts-retrieve-files(7474)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
            },
            {
              "name": "3508",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3508"
            },
            {
              "name": "VU#243243",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/243243"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
                },
                {
                  "name": "20011105 New getAccess[tm] Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
                },
                {
                  "name": "getaccess-shellscripts-retrieve-files(7474)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
                },
                {
                  "name": "3508",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3508"
                },
                {
                  "name": "VU#243243",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/243243"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0853",
        "datePublished": "2001-11-22T05:00:00.000Z",
        "dateReserved": "2001-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:06.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1024 (GCVE-0-2001-1024)

    Vulnerability from nvd – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:44
    Summary
    login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-07-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:06.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010727 Entrust - getAccess",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
              },
              {
                "name": "entrust-getaccess-execute-commands(6915)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010727 Entrust - getAccess",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
            },
            {
              "name": "entrust-getaccess-execute-commands(6915)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010727 Entrust - getAccess",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
                },
                {
                  "name": "entrust-getaccess-execute-commands(6915)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1024",
        "datePublished": "2002-02-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:06.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4594 (GCVE-0-2007-4594)

    Vulnerability from cvelistv5 – Published: 2007-08-29 22:00 – Updated: 2024-08-07 15:01
    Summary
    Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26630 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/25471 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2007-08-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26630"
              },
              {
                "name": "25471",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25471"
              },
              {
                "name": "esp-certificate-security-bypass(36331)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26630"
            },
            {
              "name": "25471",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25471"
            },
            {
              "name": "esp-certificate-security-bypass(36331)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4594",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26630"
                },
                {
                  "name": "25471",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25471"
                },
                {
                  "name": "esp-certificate-security-bypass(36331)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4594",
        "datePublished": "2007-08-29T22:00:00.000Z",
        "dateReserved": "2007-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0369 (GCVE-0-2004-0369)

    Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:17
    Summary
    Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.auscert.org.au/render.html?it=4339 third-party-advisory, x_refsource_AUSCERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://xforce.iss.net/xforce/alerts/id/181 third-party-advisory, x_refsource_ISS
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.ciac.org/ciac/bulletins/o-206.shtml third-party-advisory, government-resource, x_refsource_CIAC
    http://www.securityfocus.com/bid/11039 vdb-entry, x_refsource_BID
    Date Public
    2004-08-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ESB-2004.0538",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_AUSCERT",
                  "x_transferred"
                ],
                "url": "http://www.auscert.org.au/render.html?it=4339"
              },
              {
                "name": "isakmp-spi-size-bo(15669)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
              },
              {
                "name": "20040826 Entrust LibKmp Library Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://xforce.iss.net/xforce/alerts/id/181"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
              },
              {
                "name": "O-206",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
              },
              {
                "name": "11039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ESB-2004.0538",
              "tags": [
                "third-party-advisory",
                "x_refsource_AUSCERT"
              ],
              "url": "http://www.auscert.org.au/render.html?it=4339"
            },
            {
              "name": "isakmp-spi-size-bo(15669)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
            },
            {
              "name": "20040826 Entrust LibKmp Library Buffer Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://xforce.iss.net/xforce/alerts/id/181"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
            },
            {
              "name": "O-206",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
            },
            {
              "name": "11039",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11039"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ESB-2004.0538",
                  "refsource": "AUSCERT",
                  "url": "http://www.auscert.org.au/render.html?it=4339"
                },
                {
                  "name": "isakmp-spi-size-bo(15669)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
                },
                {
                  "name": "20040826 Entrust LibKmp Library Buffer Overflow",
                  "refsource": "ISS",
                  "url": "http://xforce.iss.net/xforce/alerts/id/181"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
                },
                {
                  "name": "O-206",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
                },
                {
                  "name": "11039",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11039"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0369",
        "datePublished": "2005-04-14T04:00:00.000Z",
        "dateReserved": "2004-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0712 (GCVE-0-2002-0712)

    Vulnerability from cvelistv5 – Published: 2004-01-14 05:00 – Updated: 2024-08-08 02:56
    Summary
    Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/720017 third-party-advisory, x_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.kb.cert.org/vuls/id/AAMN-5KKVXC x_refsource_CONFIRM
    http://www.securityfocus.com/bid/7284 vdb-entry, x_refsource_BID
    Date Public
    2003-04-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#720017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/720017"
              },
              {
                "name": "easm-multiple-authorization-bypass(11724)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
              },
              {
                "name": "7284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7284"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#720017",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/720017"
            },
            {
              "name": "easm-multiple-authorization-bypass(11724)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
            },
            {
              "name": "7284",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7284"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0712",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#720017",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/720017"
                },
                {
                  "name": "easm-multiple-authorization-bypass(11724)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
                },
                {
                  "name": "7284",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7284"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0712",
        "datePublished": "2004-01-14T05:00:00.000Z",
        "dateReserved": "2002-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1024 (GCVE-0-2001-1024)

    Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:44
    Summary
    login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-07-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:06.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010727 Entrust - getAccess",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
              },
              {
                "name": "entrust-getaccess-execute-commands(6915)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010727 Entrust - getAccess",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
            },
            {
              "name": "entrust-getaccess-execute-commands(6915)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010727 Entrust - getAccess",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
                },
                {
                  "name": "entrust-getaccess-execute-commands(6915)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1024",
        "datePublished": "2002-02-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:06.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0853 (GCVE-0-2001-0853)

    Vulnerability from cvelistv5 – Published: 2001-11-22 05:00 – Updated: 2024-08-08 04:37
    Summary
    Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=100498111712723&w=2 mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/3508 vdb-entry, x_refsource_BID
    http://www.kb.cert.org/vuls/id/243243 third-party-advisory, x_refsource_CERT-VN
    Date Public
    2001-11-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:06.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
              },
              {
                "name": "20011105 New getAccess[tm] Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
              },
              {
                "name": "getaccess-shellscripts-retrieve-files(7474)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
              },
              {
                "name": "3508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3508"
              },
              {
                "name": "VU#243243",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/243243"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
            },
            {
              "name": "20011105 New getAccess[tm] Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
            },
            {
              "name": "getaccess-shellscripts-retrieve-files(7474)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
            },
            {
              "name": "3508",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3508"
            },
            {
              "name": "VU#243243",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/243243"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
                },
                {
                  "name": "20011105 New getAccess[tm] Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
                },
                {
                  "name": "getaccess-shellscripts-retrieve-files(7474)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
                },
                {
                  "name": "3508",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3508"
                },
                {
                  "name": "VU#243243",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/243243"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0853",
        "datePublished": "2001-11-22T05:00:00.000Z",
        "dateReserved": "2001-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:06.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }