Baltimore Technologies : Security Vulnerabilities, CVEs, CVSS score >= 2
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
Max CVSS
7.5
EPSS Score
0.69%
Published
2001-08-12
Updated
2008-09-05
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
Max CVSS
7.5
EPSS Score
0.69%
Published
2001-09-05
Updated
2008-09-05
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
Max CVSS
5.0
EPSS Score
0.86%
Published
2001-06-27
Updated
2017-12-19
3 vulnerabilities found