Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution.
Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP requests, allowing attackers to execute arbitrary commands.
Remote attackers can execute arbitrary commands on the server.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor| Status| Date Notified| Date Updated
Alchemy Lab| | -| 25 Sep 2002
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Rapid 7 for reporting this vulnerability.
This document was written by Shawn Van Ittersum.