Weekly Vulnerabilities Reports > May 7 to 13, 2001

Overview

4 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Easy Software Products, Apache, and Microsoft. Vulnerabilities are notably categorized as .

  • 3 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities are exploitable by an anonymous user.
  • Easy Software Products has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-05-10 CVE-2001-1332 Easy Software Products Remote Security vulnerability in CUPS

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.

7.5

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-05-12 CVE-2001-1342 Apache Unspecified vulnerability in Apache Http Server

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

5.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-05-11 CVE-2001-1450 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".

2.6
2001-05-10 CVE-2001-1333 Easy Software Products Local Security vulnerability in CUPS

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.

1.2