CVE-2001-0949
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
| Software | From | Fixed in |
|---|---|---|
| valicert / enterprise_validation_authority | 3.6 | 3.6.x |
| valicert / enterprise_validation_authority | 3.3 | 3.3.x |
| valicert / enterprise_validation_authority | 4.0 | 4.0.x |
| valicert / enterprise_validation_authority | 3.8 | 3.8.x |
| valicert / enterprise_validation_authority | 4.2 | 4.2.x |
| valicert / enterprise_validation_authority | 4.1 | 4.1.x |
| valicert / enterprise_validation_authority | 4.2.1 | 4.2.1.x |
| valicert / enterprise_validation_authority | 3.5 | 3.5.x |
| valicert / enterprise_validation_authority | 3.4 | 3.4.x |
| valicert / enterprise_validation_authority | 3.9 | 3.9.x |
| valicert / enterprise_validation_authority | 3.7 | 3.7.x |
- http://marc.info/?l=bugtraq&m=100749428517090&w=2
- http://www.securityfocus.com/bid/3621
- http://www.securityfocus.com/bid/3622
- http://www.securityfocus.com/bid/3624
- http://www.securityfocus.com/bid/3625
- http://www.securityfocus.com/bid/3627
- http://www.securityfocus.com/bid/3628
- http://www.securityfocus.com/bid/3629
- http://www.securityfocus.com/bid/3630
- http://www.securityfocus.com/bid/3631
- http://www.securityfocus.com/bid/3632
- http://www.securityfocus.com/bid/3633
- http://www.securityfocus.com/bid/3634
- http://www.securityfocus.com/bid/3635
- http://www.securityfocus.com/bid/3636
- http://www.valicert.com/support/security_advisory_eva.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7652
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime