CVE-2001-0949

critical

Description

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7652

http://www.valicert.com/support/security_advisory_eva.html

http://www.securityfocus.com/bid/3636

http://www.securityfocus.com/bid/3635

http://www.securityfocus.com/bid/3634

http://www.securityfocus.com/bid/3633

http://www.securityfocus.com/bid/3632

http://www.securityfocus.com/bid/3631

http://www.securityfocus.com/bid/3630

http://www.securityfocus.com/bid/3629

http://www.securityfocus.com/bid/3628

http://www.securityfocus.com/bid/3627

http://www.securityfocus.com/bid/3625

http://www.securityfocus.com/bid/3624

http://www.securityfocus.com/bid/3622

http://www.securityfocus.com/bid/3621

http://marc.info/?l=bugtraq&m=100749428517090&w=2

Details

Source: Mitre, NVD

Published: 2001-12-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0446