CVE-2001-0948

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.valicert.com/support/security_advisory_eva.html	Vendor Advisory URL Repurposed
http://www.securityfocus.com/bid/3619	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100749428517090&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7650

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:valicert:enterprise_validation_authority:3.6:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.3:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.0:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.8:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.2:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.1:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.5:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.4:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.9:::::::*
	cpe:2.3:a:valicert:enterprise_validation_authority:3.7:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.valicert.com/support/security_advisory_eva.html - Vendor Advisory~~	(CONFIRM) http://www.valicert.com/support/security_advisory_eva.html - Vendor Advisory, URL Repurposed

Information

Published : 2001-12-04 05:00

Updated : 2024-02-14 01:17

NVD link : CVE-2001-0948

Mitre link : CVE-2001-0948

JSON object : View

Products Affected

valicert

enterprise_validation_authority

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.valicert.com/support/security_advisory_eva.html", "name": "http://www.valicert.com/support/security_advisory_eva.html", "tags": ["Vendor Advisory", "URL Repurposed"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/3619", "name": "3619", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2", "name": "20011204 NMRC Advisory - Multiple Valicert Problems", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650", "name": "eva-admin-script-injection(7650)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0948", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-12-04T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-02-14T01:17Z"}