Sign-up

ID

VAR-200108-0184


CVE

CVE-2001-0520


TITLE

Aladdin eSafe Gateway Filter bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200108-051

DESCRIPTION

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined. Esafe Gateway is prone to a remote security vulnerability. Vulnerabilities exist in Aladdin eSafe Gateway 3.0 and earlier versions

Trust: 1.26

sources: NVD: CVE-2001-0520 // BID: 88824 // VULHUB: VHN-3335

AFFECTED PRODUCTS

vendor:aladdin knowledgemodel:esafe gatewayscope:eqversion:3.0

Trust: 1.6

vendor:aladdinmodel:knowledge systems esafe gatewayscope:eqversion:3.0

Trust: 0.3

sources: BID: 88824 // CNNVD: CNNVD-200108-051 // NVD: CVE-2001-0520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0520
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200108-051
value: HIGH

Trust: 0.6

VULHUB: VHN-3335
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-0520
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3335
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3335 // CNNVD: CNNVD-200108-051 // NVD: CVE-2001-0520

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0520

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200108-051

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200108-051

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3335

EXTERNAL IDS
db:NVDid:CVE-2001-0520
Trust: 2.0
db:XFid:6580
Trust: 0.9
db:CNNVDid:CNNVD-200108-051
Trust: 0.7
db:BUGTRAQid:20010529 ALADDIN ESAFE GATEWAY SCRIPT-FILTERING BYPASS THROUGH HTML TAGS
Trust: 0.6
db:BIDid:88824
Trust: 0.4
db:SEEBUGid:SSVID-74724
Trust: 0.1
db:EXPLOIT-DBid:20869
Trust: 0.1
db:VULHUBid:VHN-3335
Trust: 0.1
sources:
            
            
            VULHUB: VHN-3335 // 
            
            
            
            BID: 88824 // 
            
            
            
            CNNVD: CNNVD-200108-051 // 
            
            
            
            NVD: CVE-2001-0520

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2001-05/0284.html
Trust: 2.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6580
Trust: 1.1
url:http://xforce.iss.net/static/6580.php
Trust: 0.9
sources:
            
            
            VULHUB: VHN-3335 // 
            
            
            
            BID: 88824 // 
            
            
            
            CNNVD: CNNVD-200108-051 // 
            
            
            
            NVD: CVE-2001-0520

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 88824

SOURCES
db:VULHUBid:VHN-3335
db:BIDid:88824
db:CNNVDid:CNNVD-200108-051
db:NVDid:CVE-2001-0520

LAST UPDATE DATE
2024-08-14T13:51:33.428000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-3335date:2017-12-19T00:00:00
db:BIDid:88824date:2001-08-14T00:00:00
db:CNNVDid:CNNVD-200108-051date:2005-10-20T00:00:00
db:NVDid:CVE-2001-0520date:2017-12-19T02:29:21.800

SOURCES RELEASE DATE
db:VULHUBid:VHN-3335date:2001-08-14T00:00:00
db:BIDid:88824date:2001-08-14T00:00:00
db:CNNVDid:CNNVD-200108-051date:2001-08-14T00:00:00
db:NVDid:CVE-2001-0520date:2001-08-14T04:00:00