CVE-2001-0947

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.

Published: Dec 4, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0947
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
valicert / enterprise_validation_authority	3.6	3.6.x
valicert / enterprise_validation_authority	3.3	3.3.x
valicert / enterprise_validation_authority	4.0	4.0.x
valicert / enterprise_validation_authority	3.8	3.8.x
valicert / enterprise_validation_authority	4.2	4.2.x
valicert / enterprise_validation_authority	4.1	4.1.x
valicert / enterprise_validation_authority	4.2.1	4.2.1.x
valicert / enterprise_validation_authority	3.5	3.5.x
valicert / enterprise_validation_authority	3.4	3.4.x
valicert / enterprise_validation_authority	3.9	3.9.x
valicert / enterprise_validation_authority	3.7	3.7.x

Vulnerability Database

288,816

CVE-2001-0947