Vulnerability Description
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baltimore Technologies | Websweeper | 4.02 |
References
- http://www.mimesweeper.com/support/technotes/notes/1043.aspVendor Advisory
- http://www.securityfocus.com/archive/1/212283Vendor Advisory
- http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296Vendor Advisory
- http://www.mimesweeper.com/support/technotes/notes/1043.aspVendor Advisory
- http://www.securityfocus.com/archive/1/212283Vendor Advisory
- http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296Vendor Advisory
FAQ
What is CVE-2001-1152?
CVE-2001-1152 is a vulnerability with a CVSS score of 7.5 (HIGH). Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested ...
How severe is CVE-2001-1152?
CVE-2001-1152 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1152?
Check the references section above for vendor advisories and patch information. Affected products include: Baltimore Technologies Websweeper.