PT-2001-2100 · Valicert · Valicert Enterprise Validation Authority
Published
2001-12-04
·
Updated
2024-02-14
·
CVE-2001-0947
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ValiCert Enterprise Validation Authority (EVA) versions 3.3 through 4.2.1
Description
The issue allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
Recommendations
For versions 3.3 through 4.2.1, update to a version that fixes this issue to prevent disclosure of the server's real pathname.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Valicert Enterprise Validation Authority