Weekly Vulnerabilities Reports > August 6 to 12, 2001
Overview
9 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 7 vendors, including Avaya, GNU, Linksys, Xerox, and Xemacs. Vulnerabilities are notably categorized as .
- 8 reported vulnerabilities are remotely exploitable.
- 9 reported vulnerabilities are exploitable by an anonymous user.
- Avaya has the most reported vulnerabilities, with 4 reported vulnerabilities.
- Avaya has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-07 | CVE-2001-1260 | Avaya | Denial-Of-Service vulnerability in Argent Office Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the passwords during a system reboot. | 10.0 |
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-12 | CVE-2001-1157 | Baltimore Technologies | Unspecified vulnerability in Baltimore Technologies Websweeper 4.0/4.02 Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. | 7.5 |
2001-08-07 | CVE-2001-1262 | Avaya | Security Bypass vulnerability in Avaya Argent Office 2.1 Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string. | 7.5 |
5 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-10 | CVE-2001-1117 | Linksys | Unspecified vulnerability in Linksys Befsr41 LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. | 5.0 |
2001-08-09 | CVE-2001-1134 | Xerox | Unspecified vulnerability in Xerox Docuprint N40 Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. | 5.0 |
2001-08-07 | CVE-2001-1261 | Avaya | Denial-Of-Service vulnerability in Avaya Argent Office 2.1 Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file. | 5.0 |
2001-08-07 | CVE-2001-1259 | Avaya | Denial-Of-Service vulnerability in Argent Office Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload. | 5.0 |
2001-08-06 | CVE-2001-0647 | Orange Software | Unspecified vulnerability in Orange Software Orange web Server 2.1 Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version. | 5.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-07 | CVE-2001-1301 | GNU Xemacs | Local Security vulnerability in Xemacs rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | 1.2 |