Vulnerabilities > CVE-2001-0523 - Unspecified vulnerability in Eeye Digital Security Secureiis and Securells

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

eeye-digital-security

NVD

Published: 2001-08-14

Updated: 2017-12-19

Summary

eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.

Vulnerable Configurations

Part	Description	Count
Application	Eeye_Digital_Security Eeye Digital Security Secureiis 1.0.2 Eeye Digital Security Securells *	2

References

http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6563
https://exchange.xforce.ibmcloud.com/vulnerabilities/6564