FKIE_CVE-2001-0949

Vulnerability from fkie_nvd - Published: 2001-12-04 05:00 - Updated: 2025-04-03 01:03
Summary
Buffer overflows in the forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
References
cve@mitre.org - http://marc.info/?l=bugtraq&m=100749428517090&w=2
cve@mitre.org - http://www.securityfocus.com/bid/3621 - Patch, Vendor Advisory
cve@mitre.org - http://www.securityfocus.com/bid/3622
cve@mitre.org - http://www.securityfocus.com/bid/3624
cve@mitre.org - http://www.securityfocus.com/bid/3625
cve@mitre.org - http://www.securityfocus.com/bid/3627
cve@mitre.org - http://www.securityfocus.com/bid/3628
cve@mitre.org - http://www.securityfocus.com/bid/3629
cve@mitre.org - http://www.securityfocus.com/bid/3630
cve@mitre.org - http://www.securityfocus.com/bid/3631
cve@mitre.org - http://www.securityfocus.com/bid/3632
cve@mitre.org - http://www.securityfocus.com/bid/3633
cve@mitre.org - http://www.securityfocus.com/bid/3634
cve@mitre.org - http://www.securityfocus.com/bid/3635
cve@mitre.org - http://www.securityfocus.com/bid/3636
cve@mitre.org - http://www.valicert.com/support/security_advisory_eva.html - Vendor Advisory, URL Repurposed
cve@mitre.org - https://exchange.xforce.ibmcloud.com/vulnerabilities/7652
af854a3a-2127-422b-91ae-364da2661108 - http://marc.info/?l=bugtraq&m=100749428517090&w=2
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3621 - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3622
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3624
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3625
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3627
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3628
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3629
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3630
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3631
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3632
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3633
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3634
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3635
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/3636
af854a3a-2127-422b-91ae-364da2661108 - http://www.valicert.com/support/security_advisory_eva.html - Vendor Advisory, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108 - https://exchange.xforce.ibmcloud.com/vulnerabilities/7652

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9EDA8D-1427-4FFB-B6E5-44296B945F1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "847A5CCA-A8A1-4B07-B60F-69E0E56E9384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "27251C41-296E-4635-9727-37D661080994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "474EF0B1-2D23-4149-A47B-F928DDB1F570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DA047B-69A6-41D2-B98E-9753813F325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB971CB-596A-4A53-A801-6934A64010E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "473714FE-2743-4144-8A02-29E5981A26D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49EE460-3930-45ED-B5C3-E7C72CECE122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8147DB94-C5FA-45FA-A601-3FF4D2F6C93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length."
    }
  ],
  "id": "CVE-2001-0949",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-12-04T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3625"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3630"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3632"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3633"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3634"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3635"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3636"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.valicert.com/support/security_advisory_eva.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.valicert.com/support/security_advisory_eva.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7652"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

