Lucene search
MitreCVE-2001-0870HistoryDec 21, 2001 - 5:00 a.m.
CVE-2001-0870
2001-12-2105:00:00
mitre
web.nvd.nist.gov
22
alchemy eye
network monitor
cve-2001-0870
http server
default authentication
sensitive information
eye.ini file
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.004
Percentile
73.1%
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
Affected configurations
Node
alchemy_labalchemy_eyeMatch1.9
ORalchemy_labalchemy_eyeMatch2.0
ORalchemy_labalchemy_eyeMatch2.1
ORalchemy_labalchemy_eyeMatch2.2
ORalchemy_labalchemy_eyeMatch2.3
ORalchemy_labalchemy_eyeMatch2.4
ORalchemy_labalchemy_eyeMatch2.5
ORalchemy_labalchemy_eyeMatch2.6
ORalchemy_labalchemy_eyeMatch2.6.18
ORdek_softwarealchemy_network_monitorRange≤2.6.18
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alchemy_lab | alchemy_eye | 1.9 | cpe:2.3:a:alchemy_lab:alchemy_eye:1.9:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.0 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.0:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.1 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.1:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.2 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.2:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.3 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.3:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.4 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.4:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.5 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.5:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.6 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.6:*:*:*:*:*:*:* |
| alchemy_lab | alchemy_eye | 2.6.18 | cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.18:*:*:*:*:*:*:* |
| dek_software | alchemy_network_monitor | * | cpe:2.3:a:dek_software:alchemy_network_monitor:*:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
2001-12-01 00:00:00
cvelist
cvelist
CVE-2001-0870
2001-11-30 05:00:00
nvd
nvd
CVE-2001-0870
2001-12-21 05:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.004
Percentile
73.1%
Related for CVE-2001-0870