CVE-2001-0948

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.valicert.com/support/security_advisory_eva.html	Vendor Advisory
http://www.securityfocus.com/bid/3619	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100749428517090&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7650

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:valicert:enterprise_validation_authority:3.7:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.8:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.9:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.0:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.5:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.6:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.3:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.4:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.1:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.2:::::::*

Information

Published : 2001-12-03 21:00

Updated : 2017-12-18 18:29

NVD link : CVE-2001-0948

Mitre link : CVE-2001-0948

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

valicert

enterprise_validation_authority

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.valicert.com/support/security_advisory_eva.html", "name": "http://www.valicert.com/support/security_advisory_eva.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/3619", "name": "3619", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2", "name": "20011204 NMRC Advisory - Multiple Valicert Problems", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650", "name": "eva-admin-script-injection(7650)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0948", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-12-04T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-19T02:29Z"}