{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-12-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T21:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "eva-forms-reveal-path(7649)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7649"}, {"name": "20011204 NMRC Advisory - Multiple Valicert Problems", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"name": "3615", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3615"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "eva-forms-reveal-path(7649)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7649"}, {"name": "20011204 NMRC Advisory - Multiple Valicert Problems", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"name": "http://www.valicert.com/support/security_advisory_eva.html", "refsource": "CONFIRM", "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"name": "3615", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3615"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:37:06.821Z"}, "title": "CVE Program Container", "references": [{"name": "eva-forms-reveal-path(7649)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7649"}, {"name": "20011204 NMRC Advisory - Multiple Valicert Problems", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"name": "3615", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3615"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0947", "datePublished": "2002-02-02T05:00:00.000Z", "dateReserved": "2002-01-31T00:00:00.000Z", "dateUpdated": "2024-08-08T04:37:06.821Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DC9EDA8D-1427-4FFB-B6E5-44296B945F1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "847A5CCA-A8A1-4B07-B60F-69E0E56E9384", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "27251C41-296E-4635-9727-37D661080994", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "474EF0B1-2D23-4149-A47B-F928DDB1F570", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D1DA047B-69A6-41D2-B98E-9753813F325F", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "5DB971CB-596A-4A53-A801-6934A64010E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "473714FE-2743-4144-8A02-29E5981A26D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E49EE460-3930-45ED-B5C3-E7C72CECE122", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8147DB94-C5FA-45FA-A601-3FF4D2F6C93E", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path."}], "id": "CVE-2001-0947", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-04T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3615"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory", "URL Repurposed"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "URL Repurposed"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7649"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}