Vulnerability Description
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alchemy Lab | Alchemy Eye | 2.0 |
| Dek Software | Alchemy Network Monitor | <= 3.0.10 |
References
- http://marc.info/?l=bugtraq&m=100714173510535&w=2
- http://www.kb.cert.org/vuls/id/220715US Government Resource
- http://www.securityfocus.com/bid/3599Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7625
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7626
- http://marc.info/?l=bugtraq&m=100714173510535&w=2
- http://www.kb.cert.org/vuls/id/220715US Government Resource
- http://www.securityfocus.com/bid/3599Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7625
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7626
FAQ
What is CVE-2001-0871?
CVE-2001-0871 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2...
How severe is CVE-2001-0871?
CVE-2001-0871 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0871?
Check the references section above for vendor advisories and patch information. Affected products include: Alchemy Lab Alchemy Eye, Dek Software Alchemy Network Monitor.