CVE-2001-0447 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Software602	602Pro Lan Suite	2000a_2000.0.1.34

References

http://www.securityfocus.com/archive/1/171418Vendor Advisory
http://www.securityfocus.com/bid/2514Vendor Advisory
http://www.securityfocus.com/archive/1/171418Vendor Advisory
http://www.securityfocus.com/bid/2514Vendor Advisory

FAQ

What is CVE-2001-0447?

CVE-2001-0447 is a vulnerability with a CVSS score of 7.5 (HIGH). Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) character...

How severe is CVE-2001-0447?

CVE-2001-0447 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-0447?

Check the references section above for vendor advisories and patch information. Affected products include: Software602 602Pro Lan Suite.