Vulnerability Details : CVE-2001-1152
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
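The four variants above all resolve to the same resource, so a blacklist has to match on a canonical form of the URL rather than on the raw request string. The sketch below is an added example, not WEBsweeper's code or the vendor's fix; the host `blocked.example`, the policy entry, the sample requests, and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed policy entry (host, path); not taken from the advisory.
BLACKLIST = {("blocked.example", "/private/file.html")}

# Constructed requests: the plain URL plus the four variant classes the CVE lists.
VARIANTS = [
    "http://blocked.example/private/file.html",
    "http://blocked.example//private/file.html",           # (1) double slash
    "http://blocked.example/private/SUBDIR/../file.html",  # (2) /SUBDIR/..
    "http://blocked.example/private/./file.html",          # (3) /./
    "http://blocked.example/private/%66ile.html",          # (4) URL-encoded 'f'
]

def naive_is_blocked(url):
    """Weak check: compares the raw request string to the policy entry."""
    return any(url == f"http://{h}{p}" for h, p in BLACKLIST)

def canonicalize(url):
    """Reduce a URL to a canonical (host, path) pair for policy matching."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path
    for _ in range(4):  # decode until stable so %2566 cannot hide a %66
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("percent-encoding nested too deeply")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):      # empty segment comes from //, "." from /./
            continue
        if seg == "..":           # step up, never above the root
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return host, "/" + "/".join(segments)

def is_blocked(url):
    """Match the canonical form; anything that cannot be canonicalized is blocked."""
    try:
        host, path = canonicalize(url)
    except ValueError:
        return True
    return any(host == h and (path == p or path.startswith(p + "/"))
               for h, p in BLACKLIST)
```

The raw-string check matches only the first sample request, while the canonical check matches all five.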
Exploit prediction scoring system (EPSS) score for CVE-2001-1152
Probability of exploitation activity in the next 30 days: 0.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~78%
CVSS scores for CVE-2001-1152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2001-1152
- http://www.mimesweeper.com/support/technotes/notes/1043.asp (Vendor Advisory)
- http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/212283 (Vendor Advisory)
Products affected by CVE-2001-1152
- cpe:2.3:o:baltimore_technologies:websweeper:4.02:*:*:*:*:*:*:*