CVE-2001-0871

Description

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

Affected products

• alchemy_lab / alchemy_eye2.0 – 2.0
• alchemy_lab / alchemy_eye2.1 – 2.1
• alchemy_lab / alchemy_eye2.2 – 2.2
• alchemy_lab / alchemy_eye2.3 – 2.3
• alchemy_lab / alchemy_eye2.4 – 2.4
• alchemy_lab / alchemy_eye2.5 – 2.5
• alchemy_lab / alchemy_eye2.6 – 2.6
• alchemy_lab / alchemy_eye2.6.18 – 2.6.18
• alchemy_lab / alchemy_eye2.6.19 – 2.6.19
• alchemy_lab / alchemy_eye3.0 – 3.0
• alchemy_lab / alchemy_eye3.0.10 – 3.0.10
• dek_software / alchemy_network_monitor3.0.10

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=100714173510535&w=2
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7625
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7626
• MISChttp://www.securityfocus.com/bid/3599
• MISChttp://www.kb.cert.org/vuls/id/220715