CVE-2001-1152

Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/212283	Vendor Advisory
http://www.mimesweeper.com/support/technotes/notes/1043.asp	Vendor Advisory
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:baltimore_technologies:websweeper:4.02:*:*:*:*:*:*:*

Information

Published : 2001-09-04 21:00

Updated : 2008-09-05 13:25

NVD link : CVE-2001-1152

Mitre link : CVE-2001-1152

JSON object : View

CWE

NVD-CWE-Other

Products Affected

baltimore_technologies

websweeper

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/212283", "name": "20010905 Various problems in Baltimore WebSweeper URL filtering", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.mimesweeper.com/support/technotes/notes/1043.asp", "name": "http://www.mimesweeper.com/support/technotes/notes/1043.asp", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296", "name": "3296", "tags": ["Vendor Advisory"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-1152", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-09-05T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:baltimore_technologies:websweeper:4.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:25Z"}

7.5 /10