CVE-2001-0133
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2001-02-06 CVE Reserved
- 2001-02-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html | 2008-09-05 | |
| http://www.securityfocus.com/bid/2212 | 2008-09-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Interscan Viruswall Search vendor "Trend Micro" for product "Interscan Viruswall" | <= 3.6 Search vendor "Trend Micro" for product "Interscan Viruswall" and version " <= 3.6" | - |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Interscan Viruswall Search vendor "Trend Micro" for product "Interscan Viruswall" | 3.0.1 Search vendor "Trend Micro" for product "Interscan Viruswall" and version "3.0.1" | - |
Affected
| ||||||