CVE-2001-1118 : A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded UR

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.

Published 2001-08-02 04:00:00

Updated 2017-10-10 01:30:01

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2001-1118

Probability of exploitation activity in the next 30 days: 1.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2001-1118

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2001-1118

https://exchange.xforce.ibmcloud.com/vulnerabilities/6937
http://www.securityfocus.com/bid/3145

Patch;Vendor Advisory
http://download.roxen.com/2.0/patch/security-notice.html
http://www.securityfocus.com/archive/1/201476

Patch;Vendor Advisory
http://www.securityfocus.com/archive/1/201499

Products affected by CVE-2001-1118

Roxen » Roxen Webserver » Version: 2.0
cpe:2.3:a:roxen:roxen_webserver:2.0:*:*:*:*:*:*:*
Matching versions
Roxen » Roxen Webserver » Version: 2.1
cpe:2.3:a:roxen:roxen_webserver:2.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2001-1118

Exploit prediction scoring system (EPSS) score for CVE-2001-1118

CVSS scores for CVE-2001-1118

References for CVE-2001-1118

Products affected by CVE-2001-1118