Weekly Vulnerabilities Reports > August 6 to 12, 2001

Overview

9 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 7 products from 7 vendors including Avaya, Linksys, GNU, Xerox, and Xemacs. Vulnerabilities are notably categorized as .

  • 8 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities are exploitable by an anonymous user.
  • Avaya has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Avaya has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-07 CVE-2001-1260 Avaya Denial-Of-Service vulnerability in Argent Office

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.

10.0

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-12 CVE-2001-1157 Baltimore Technologies Unspecified vulnerability in Baltimore Technologies Websweeper 4.0/4.02

Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.

7.5
2001-08-07 CVE-2001-1262 Avaya Security Bypass vulnerability in Avaya Argent Office 2.1

Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.

7.5

5 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-10 CVE-2001-1117 Linksys Unspecified vulnerability in Linksys Befsr41

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

5.0
2001-08-09 CVE-2001-1134 Xerox Unspecified vulnerability in Xerox Docuprint N40

Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.

5.0
2001-08-07 CVE-2001-1261 Avaya Denial-Of-Service vulnerability in Avaya Argent Office 2.1

Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.

5.0
2001-08-07 CVE-2001-1259 Avaya Denial-Of-Service vulnerability in Argent Office

Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.

5.0
2001-08-06 CVE-2001-0647 Orange Software Unspecified vulnerability in Orange Software Orange web Server 2.1

Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.

5.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-07 CVE-2001-1301 GNU
Xemacs
Local Security vulnerability in Xemacs

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

1.2