CVE-2001-1481

Опубликовано: 31 дек. 2001

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

Ссылки

http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
Broken Link
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/242375
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/3582
Broken Link
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7600
Third Party Advisory
VDB Entry
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
Broken Link
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/242375
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/3582
Broken Link
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7600
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xitami:xitami:*:*:*:*:*:*:*:*

Версия от 2.4 (включая) до 2.5 (включая)

cpe:2.3:a:xitami:xitami:2.5:beta4:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01697

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-h5h4-cjwm-9g2f