CVE-2001-0133
Summary
| CVE | CVE-2001-0133 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2001-03-12 05:00:00 UTC |
| Updated | 2008-09-05 20:23:00 UTC |
| Description | The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trend Micro | Interscan Viruswall | 3.0.1 | All | All | All |
| Application | Trend Micro | Interscan Viruswall | 3.0.1 | All | All | All |
| Application | Trend Micro | Interscan Viruswall | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Neohapsis Archives - Bugtraq - Trend Micro's VirusWall: Multiple vunerabilities - From [email protected] | BUGTRAQ | archives.neohapsis.com | Vendor Advisory |
| Trend Micro Interscan VirusWall Weak Admin Password Protection Vulnerability | BID | www.securityfocus.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.