Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=100749428517090&w=2 | |
http://www.securityfocus.com/bid/3615 | Patch Vendor Advisory |
http://www.valicert.com/support/security_advisory_eva.html | Vendor Advisory URL Repurposed |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7649 |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.valicert.com/support/security_advisory_eva.html - Vendor Advisory, URL Repurposed |
Information
Published : 2001-12-04 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2001-0947
Mitre link : CVE-2001-0947
CVE.ORG link : CVE-2001-0947
JSON object : View
Products Affected
valicert
- enterprise_validation_authority
CWE