CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1481

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile27.40th
PublishedDec 31, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

Affected Platforms (CPE)

πŸ“¦
Xitami

Xitami

>= 2.4 and <= 2.5
πŸ“¦
Xitami

Xitami

= 2.5

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
πŸ”— http://www.securityfocus.com/archive/1/242375
πŸ”— http://www.securityfocus.com/bid/3582
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/7600
πŸ”— http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
πŸ”— http://www.securityfocus.com/archive/1/242375
πŸ”— http://www.securityfocus.com/bid/3582
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/7600

Related Vulnerabilities

CVE-2008-652010.0

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote att...

CVE-2008-651910.0

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause...

CVE-2007-50677.5

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modifie...

CVE-2001-03915.0

Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.