Vulnerability Description
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Interscan Viruswall | <= 3.6 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.htmlVendor Advisory
- http://www.securityfocus.com/bid/2212Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.htmlVendor Advisory
- http://www.securityfocus.com/bid/2212Vendor Advisory
FAQ
What is CVE-2001-0133?
CVE-2001-0133 is a vulnerability with a CVSS score of 10.0 (HIGH). The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator p...
How severe is CVE-2001-0133?
CVE-2001-0133 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0133?
Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Interscan Viruswall.