Lucene search

[email protected]CVE-2001-0133

HistoryMar 12, 2001 - 5:00 a.m.

CVE-2001-0133

2001-03-1205:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

interscan viruswall

vulnerability

cve-2001-0133

password expose

lack of encryption

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.4%

JSON

The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.

CPENameOperatorVersion
trend_micro:interscan_viruswalltrend micro interscan viruswallle3.6
trend_micro:interscan_viruswalltrend micro interscan viruswalleq3.0.1

CPE	Name	Operator	Version
trend_micro:interscan_viruswall	trend micro interscan viruswall	le	3.6
trend_micro:interscan_viruswall	trend micro interscan viruswall	eq	3.0.1

References

archives.neohapsis.com/archives/bugtraq/2001-01/0235.html

www.securityfocus.com/bid/2212

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2001-0133

openvas1 nessus1