Vulnerabilities > CVE-2001-0520 - Remote Security vulnerability in Aladdin Knowledge Systems Esafe Gateway 3.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
aladdin-knowledge-systems
exploit available
NVD
Published: 2001-08-14
Updated: 2017-12-19

Summary

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.

Vulnerable Configurations

Part Description Count
Application
Aladdin_Knowledge_Systems
1

Exploit-Db

descriptioneSafe Gateway 2.1 Script-filtering Bypass Vulnerability. CVE-2001-0520. Remote exploits for multiple platform
idEDB-ID:20869
last seen2016-02-02
modified2001-05-20
published2001-05-20
reportereDvice Security Services
sourcehttps://www.exploit-db.com/download/20869/
titleeSafe Gateway 2.1 Script-filtering Bypass Vulnerability

References