CVE-2001-0523

Опубликовано: 14 авг. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
Exploit
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6563
https://exchange.xforce.ibmcloud.com/vulnerabilities/6564
http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
Exploit
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6563
https://exchange.xforce.ibmcloud.com/vulnerabilities/6564

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eeye_digital_security:secureiis:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:eeye_digital_security:securells:*:*:*:*:*:*:*:*

Версия до 1.0.3 (включая)

EPSS

Процентиль: 62%

0.00424

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-473v-8xrg-7236

github

почти 4 года назад