Vulnerabilities > CVE-2001-0871 - Remote Command Execution vulnerability in Alchemy Eye

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

alchemy-lab

dek-software

nessus

NVD

Published: 2001-12-21

Updated: 2017-12-19

Summary

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

Vulnerable Configurations

Part	Description	Count
Application	Alchemy_Lab Alchemy LAB Alchemy EYE 2.0 Alchemy LAB Alchemy EYE 2.1 Alchemy LAB Alchemy EYE 2.2 Alchemy LAB Alchemy EYE 2.3 Alchemy LAB Alchemy EYE 2.4 Alchemy LAB Alchemy EYE 2.5 Alchemy LAB Alchemy EYE 2.6 Alchemy LAB Alchemy EYE 2.6.18 Alchemy LAB Alchemy EYE 2.6.19 Alchemy LAB Alchemy EYE 3.0 Alchemy LAB Alchemy EYE 3.0.10	11
Application	Dek_Software DEK Software Alchemy Network Monitor *	1

Nessus

NASL family	CGI abuses
NASL id	ALCHEMY_EYE_HTTP.NASL
description	Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.
last seen	2020-06-01
modified	2020-06-02
plugin id	10818
published	2001-12-03
reporter	This script is Copyright (C) 2001-2018 H D Moore & Drew Hintz ( http://guh.nu )
source	https://www.tenable.com/plugins/nessus/10818
title	Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution

Summary

Vulnerable Configurations

Nessus

References