Vulnerability Description
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Com2001 | Alexis Server | 2.0 |
References
- http://online.securityfocus.com/archive/1/217200PatchVendor Advisory
- http://www.securityfocus.com/bid/3373
- http://online.securityfocus.com/archive/1/217200PatchVendor Advisory
- http://www.securityfocus.com/bid/3373
FAQ
What is CVE-2001-1254?
CVE-2001-1254 is a vulnerability with a CVSS score of 7.5 (HIGH). Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which c...
How severe is CVE-2001-1254?
CVE-2001-1254 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1254?
Check the references section above for vendor advisories and patch information. Affected products include: Com2001 Alexis Server.