CVE-2001-0871 - OpenCVE

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alchemy Lab	Alchemy Eye
Dek Software	Alchemy Network Monitor

Configuration 1 [-]

OR	cpe:2.3:a:alchemy_lab:alchemy_eye:2.0:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.1:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.2:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.3:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.4:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.5:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.6:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.18:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.19:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:3.0:::::::*
	cpe:2.3:a:alchemy_lab:alchemy_eye:3.0.10:::::::*
	cpe:2.3:a:dek_software:alchemy_network_monitor::::::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=100714173510535&w=2
http://www.kb.cert.org/vuls/id/220715
http://www.securityfocus.com/bid/3599
https://exchange.xforce.ibmcloud.com/vulnerabilities/7625
https://exchange.xforce.ibmcloud.com/vulnerabilities/7626

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2001-11-30T05:00:00

Updated: 2024-08-08T04:37:07.021Z

Reserved: 2001-11-30T00:00:00

Link: CVE-2001-0871

Vulnrichment

No data.

NVD

Status : Modified

Published: 2001-12-21T05:00:00.000

Modified: 2017-12-19T02:29:28.113

Link: CVE-2001-0871

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=100714173510535&w=2"}, {"name": "alchemy-http-dot-commands(7625)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7625"}, {"name": "alchemy-http-dot-variant(7626)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7626"}, {"name": "3599", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3599"}, {"name": "VU#220715", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/220715"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0871", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=100714173510535&w=2"}, {"name": "alchemy-http-dot-commands(7625)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7625"}, {"name": "alchemy-http-dot-variant(7626)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7626"}, {"name": "3599", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3599"}, {"name": "VU#220715", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/220715"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:37:07.021Z"}, "title": "CVE Program Container", "references": [{"name": "20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=100714173510535&w=2"}, {"name": "alchemy-http-dot-commands(7625)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7625"}, {"name": "alchemy-http-dot-variant(7626)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7626"}, {"name": "3599", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3599"}, {"name": "VU#220715", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/220715"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0871", "datePublished": "2001-11-30T05:00:00", "dateReserved": "2001-11-30T00:00:00", "dateUpdated": "2024-08-08T04:37:07.021Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C57D4BEB-8A2B-434D-9259-F0D74680583F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "125F5340-4E2E-4398-92D4-D1596556EC71", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3CC27884-242B-408E-BF52-4BAA7230648F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B35A9CDC-2B00-4463-B003-5DC83D8F741A", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B0E5C679-06B1-4FEA-BCFE-384A098A673A", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE5C405F-F6EE-4893-BC33-6541D1968928", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "672B793F-E68D-48E7-89F8-D7CD7B6A3853", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "4B816AAB-8EA9-4404-9782-401D5D49F74C", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:2.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "B091D4AB-C1FE-43BF-AD6A-E4EAC20C2C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E47EAEB3-A164-4763-8B2F-C5DB2610CD27", "vulnerable": true}, {"criteria": "cpe:2.3:a:alchemy_lab:alchemy_eye:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "975B14B0-A28C-46B7-9B24-D077486D275F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dek_software:alchemy_network_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B42DEE5A-9EEF-4735-96B2-51E7FEE4C68C", "versionEndIncluding": "3.0.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10."}, {"lang": "es", "value": "Vulnerabilidad de atravesamiento de directorios en servidor HTTP para Alchemy Eye y Alchemy Network Monitor permite a atacantes remotos ejecutar comandos arbitrarios mediante una petici\u00f3n HTTP conteniendoun .. (punto punto) en versi\u00f3n 2.0 a 2.6.16, oun n\u00f3mbre de dispositivo de DOS seguido por .. en versiones 2.6.19 a 3.0.10"}], "id": "CVE-2001-0871", "lastModified": "2017-12-19T02:29:28.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-21T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=100714173510535&w=2"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/220715"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3599"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7625"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7626"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}