Strix
26.1K

CVE-2001-0949

UnknownEPSS 4.06%

Last modified

CVE-2001-0949 is a vulnerability of currently unknown severity. Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.. EPSS estimates a 4.06% chance of exploitation in the next 30 days.

Description

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

Metrics

EPSS Probability
4.06%

89.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
ValicertEnterprise Validation Authority3.3
ValicertEnterprise Validation Authority3.4
ValicertEnterprise Validation Authority3.5
ValicertEnterprise Validation Authority3.6
ValicertEnterprise Validation Authority3.7
ValicertEnterprise Validation Authority3.8
ValicertEnterprise Validation Authority3.9
ValicertEnterprise Validation Authority4.0
ValicertEnterprise Validation Authority4.1
ValicertEnterprise Validation Authority4.2
ValicertEnterprise Validation Authority4.2.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2001-0949?
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
How severe is CVE-2001-0949?
Severity scoring for CVE-2001-0949 is pending analysis. The EPSS model estimates a 4.06% probability of exploitation in the next 30 days.
How do I fix CVE-2001-0949?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2001-0949?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST