CyberSec.Space Logo
返回 CVE 浏览器

CVE-2001-1481

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile27.40th
Published2001年12月31日
Last Modified2026年4月16日

Vulnerability Description

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

Affected Platforms (CPE)

📦
Xitami

Xitami

>= 2.4 and <= 2.5
📦
Xitami

Xitami

= 2.5

References & Advisories

🔗 http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
🔗 http://www.securityfocus.com/archive/1/242375
🔗 http://www.securityfocus.com/bid/3582
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/7600
🔗 http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
🔗 http://www.securityfocus.com/archive/1/242375
🔗 http://www.securityfocus.com/bid/3582
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/7600

相关漏洞威胁

CVE-2008-652010.0

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote att...

CVE-2008-651910.0

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause...

CVE-2007-50677.5

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modifie...

CVE-2001-03915.0

Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.