QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2001-0949

Back to search

CVE-2001-0949

Published: Feb 2, 2002

Modified: Aug 8, 2024

PUBLISHED

Description

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

VendorProductVersions

n/a

n/a

affected
n/a

References

3634
vdb-entry
x_refsource_BID
3631
vdb-entry
x_refsource_BID
3635
vdb-entry
x_refsource_BID
3628
vdb-entry
x_refsource_BID
3625
vdb-entry
x_refsource_BID
3636
vdb-entry
x_refsource_BID
3633
vdb-entry
x_refsource_BID
3630
vdb-entry
x_refsource_BID
3629
vdb-entry
x_refsource_BID
3621
vdb-entry
x_refsource_BID
3622
vdb-entry
x_refsource_BID
3627
vdb-entry
x_refsource_BID
3632
vdb-entry
x_refsource_BID
3624
vdb-entry
x_refsource_BID
eva-forms-bo(7652)
vdb-entry
x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now