Lucene search

[email protected]CVE-2001-1026

HistoryJul 09, 2001 - 4:00 a.m.

CVE-2001-1026

2001-07-0904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1026

trend micro

interscan applettrap

url filtering

security issue

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.3%

JSON

Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.

CPENameOperatorVersion
trend_micro:interscan_applettraptrend micro interscan applettrapeq2.0

CPE	Name	Operator	Version
trend_micro:interscan_applettrap	trend micro interscan applettrap	eq	2.0

References

archives.neohapsis.com/archives/bugtraq/2001-07/0129.html

www.securityfocus.com/bid/2996

www.securityfocus.com/bid/2998

www.securityfocus.com/bid/3000

exchange.xforce.ibmcloud.com/vulnerabilities/6816

exchange.xforce.ibmcloud.com/vulnerabilities/6817

exchange.xforce.ibmcloud.com/vulnerabilities/6818

exchange.xforce.ibmcloud.com/vulnerabilities/6819

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.3%

JSON