Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2001-0133

The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.

Published

2001-03-12T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trend_micro	interscan_viruswall	≤ 3.6	Yes
Application	trend_micro	interscan_viruswall	3.0.1	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/2212 Vendor Advisory ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/2212 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)