CVE-2001-0870

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/3598	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100715758109838&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7630

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:alchemy_lab:alchemy_eye:2.3:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.4:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.5:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.6:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:1.9:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.0:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.18:::::::*
	cpe:2.3:a:dek_software:alchemy_network_monitor::::::::
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.1:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.2:::::::*

Information

Published : 2001-12-20 21:00

Updated : 2017-12-18 18:29

NVD link : CVE-2001-0870

Mitre link : CVE-2001-0870

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

dek_software

alchemy_network_monitor

alchemy_lab

alchemy_eye

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/3598", "name": "3598", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=100715758109838&w=2", "name": "20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7630", "name": "alchemy-http-view-log(7630)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0870", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-12-21T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dek_software:alchemy_network_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.6.18"}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-19T02:29Z"}