Back to search
CVE-2001-0870
Published: Nov 30, 2001
Modified: Aug 8, 2024
PUBLISHED
Description
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
alchemy-http-view-log(7630)
vdb-entry
x_refsource_XF
20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
mailing-list
x_refsource_BUGTRAQ
3598
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now