CVE-2001-0949 (GCVE-0-2001-0949)

Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI
Summary
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/3634 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3631 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3635 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3628 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3625 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3636 vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=100749428517090&w=2 mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/3633 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3630 vdb-entryx_refsource_BID
http://www.valicert.com/support/security_advisory… x_refsource_CONFIRM
http://www.securityfocus.com/bid/3629 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3621 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3622 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3627 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3632 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/3624 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
Date Public
2001-12-04 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:37:06.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3634",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3634"
          },
          {
            "name": "3631",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3631"
          },
          {
            "name": "3635",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3635"
          },
          {
            "name": "3628",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3628"
          },
          {
            "name": "3625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3625"
          },
          {
            "name": "3636",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3636"
          },
          {
            "name": "20011204 NMRC Advisory - Multiple Valicert Problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2"
          },
          {
            "name": "3633",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3633"
          },
          {
            "name": "3630",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3630"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.valicert.com/support/security_advisory_eva.html"
          },
          {
            "name": "3629",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3629"
          },
          {
            "name": "3621",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3621"
          },
          {
            "name": "3622",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3622"
          },
          {
            "name": "3627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3627"
          },
          {
            "name": "3632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3632"
          },
          {
            "name": "3624",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3624"
          },
          {
            "name": "eva-forms-bo(7652)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-12-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3634",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3634"
        },
        {
          "name": "3631",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3631"
        },
        {
          "name": "3635",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3635"
        },
        {
          "name": "3628",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3628"
        },
        {
          "name": "3625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3625"
        },
        {
          "name": "3636",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3636"
        },
        {
          "name": "20011204 NMRC Advisory - Multiple Valicert Problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2"
        },
        {
          "name": "3633",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3633"
        },
        {
          "name": "3630",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3630"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.valicert.com/support/security_advisory_eva.html"
        },
        {
          "name": "3629",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3629"
        },
        {
          "name": "3621",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3621"
        },
        {
          "name": "3622",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3622"
        },
        {
          "name": "3627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3627"
        },
        {
          "name": "3632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3632"
        },
        {
          "name": "3624",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3624"
        },
        {
          "name": "eva-forms-bo(7652)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3634",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3634"
            },
            {
              "name": "3631",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3631"
            },
            {
              "name": "3635",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3635"
            },
            {
              "name": "3628",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3628"
            },
            {
              "name": "3625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3625"
            },
            {
              "name": "3636",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3636"
            },
            {
              "name": "20011204 NMRC Advisory - Multiple Valicert Problems",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2"
            },
            {
              "name": "3633",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3633"
            },
            {
              "name": "3630",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3630"
            },
            {
              "name": "http://www.valicert.com/support/security_advisory_eva.html",
              "refsource": "CONFIRM",
              "url": "http://www.valicert.com/support/security_advisory_eva.html"
            },
            {
              "name": "3629",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3629"
            },
            {
              "name": "3621",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3621"
            },
            {
              "name": "3622",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3622"
            },
            {
              "name": "3627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3627"
            },
            {
              "name": "3632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3632"
            },
            {
              "name": "3624",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3624"
            },
            {
              "name": "eva-forms-bo(7652)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0949",
    "datePublished": "2002-02-02T05:00:00.000Z",
    "dateReserved": "2002-01-31T00:00:00.000Z",
    "dateUpdated": "2024-08-08T04:37:06.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2001-0949",
      "date": "2026-07-15",
      "epss": "0.04063",
      "percentile": "0.8951"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC9EDA8D-1427-4FFB-B6E5-44296B945F1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"847A5CCA-A8A1-4B07-B60F-69E0E56E9384\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27251C41-296E-4635-9727-37D661080994\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"474EF0B1-2D23-4149-A47B-F928DDB1F570\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1DA047B-69A6-41D2-B98E-9753813F325F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DB971CB-596A-4A53-A801-6934A64010E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"473714FE-2743-4144-8A02-29E5981A26D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E49EE460-3930-45ED-B5C3-E7C72CECE122\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8147DB94-C5FA-45FA-A601-3FF4D2F6C93E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.\"}]",
      "id": "CVE-2001-0949",
      "lastModified": "2024-11-20T23:36:30.727",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2001-12-04T05:00:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3621\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/3622\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3624\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3625\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3627\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3629\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3630\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3631\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3632\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3633\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3634\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3635\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3636\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.valicert.com/support/security_advisory_eva.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\", \"URL Repurposed\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/7652\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/3622\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3625\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3630\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3631\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3632\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3633\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3634\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.valicert.com/support/security_advisory_eva.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\", \"URL Repurposed\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/7652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2001-0949\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2001-12-04T05:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC9EDA8D-1427-4FFB-B6E5-44296B945F1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"847A5CCA-A8A1-4B07-B60F-69E0E56E9384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27251C41-296E-4635-9727-37D661080994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"474EF0B1-2D23-4149-A47B-F928DDB1F570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1DA047B-69A6-41D2-B98E-9753813F325F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DB971CB-596A-4A53-A801-6934A64010E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473714FE-2743-4144-8A02-29E5981A26D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E49EE460-3930-45ED-B5C3-E7C72CECE122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8147DB94-C5FA-45FA-A601-3FF4D2F6C93E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3621\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/3622\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3624\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3625\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3627\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3628\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3629\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3630\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3631\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3632\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3633\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3634\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3635\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3636\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.valicert.com/support/security_advisory_eva.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"URL Repurposed\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/7652\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/3622\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.valicert.com/support/security_advisory_eva.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"URL Repurposed\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/7652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…