Vulnerability Description
Baltimore Technologies WEBsweeper 4.0 and 4.02 do not properly filter JavaScript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baltimore Technologies | Websweeper | 4.0 |
References
- http://www.securityfocus.com/archive/1/203821 (Vendor Advisory)
- http://www.securityfocus.com/bid/3172 (Vendor Advisory)
- http://www.securityfocus.com/bid/3173 (Vendor Advisory)
FAQ
What is CVE-2001-1157?
CVE-2001-1157 is a vulnerability with a CVSS score of 7.5 (HIGH). Baltimore Technologies WEBsweeper 4.0 and 4.02 do not properly filter JavaScript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or mor...
How severe is CVE-2001-1157?
CVE-2001-1157 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2001-1157?
Check the references section above for vendor advisories and patch information. Affected products include: Baltimore Technologies Websweeper.