CVE-2001-1254 - OpenCVE

Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Com2001	Alexis Server

Configuration 1 [-]

OR	cpe:2.3:a:com2001:alexis_server:2.0:::::::*
	cpe:2.3:a:com2001:alexis_server:2.1:::::::*

References

Link	Resource
http://online.securityfocus.com/archive/1/217200	Patch Vendor Advisory
http://www.securityfocus.com/bid/3373

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-05-03T04:00:00

Updated: 2002-05-09T09:00:00

Reserved: 2002-05-01T00:00:00

Link: CVE-2001-1254

JSON object: View

NVD Information

Status : Analyzed

Published: 2001-09-27T04:00:00.000

Modified: 2008-09-10T19:10:03.103

Link: CVE-2001-1254

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3373", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3373"}, {"name": "20010927 Two problems with Alexis/InternetPBX from COM2001", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/217200"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1254", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3373", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3373"}, {"name": "20010927 Two problems with Alexis/InternetPBX from COM2001", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/217200"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1254", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2002-05-09T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}