CVE-2001-1254
CVSS 7.5
Published: 2001-09-27 00:00:00
Last revised: 2008-09-10 15:10:03

[Original] Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.


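[CNNVD] COM2001 Alexis Server Web Access plaintext password vulnerability (CNNVD-200109-130)

        The Web Access component of COM2001 Alexis versions 2.0 and 2.1 in InternetPBX sends usernames and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server. A remote attacker can exploit this vulnerability to steal the passwords by intercepting the transmitted data.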

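- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]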

- CPE (affected platforms and products)

cpe:/a:com2001:alexis_server:2.0
cpe:/a:com2001:alexis_server:2.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1254
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1254
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200109-130
(official data source) CNNVD

- Other links and resources

http://online.securityfocus.com/archive/1/217200
(VENDOR_ADVISORY)  BUGTRAQ  20010927 Two problems with Alexis/InternetPBX from COM2001
http://www.securityfocus.com/bid/3373
(UNKNOWN)  BID  3373

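- Vulnerability information

COM2001 Alexis Server Web Access plaintext password vulnerability
High risk  Design error
2001-09-27 00:00:00 2005-10-20 00:00:00
Remote
        The Web Access component of COM2001 Alexis versions 2.0 and 2.1 in InternetPBX sends usernames and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server. A remote attacker can exploit this vulnerability to steal the passwords by intercepting the transmitted data.

- Advisories and patches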

        The vendor is aware of this issue and will release a fix in an upcoming service pack.

- Vulnerability information

14231
COM2001 InternetPBX Alexis Auth Credential Cleartext Transmission
Cryptographic, Information Disclosure
Loss of Confidentiality

- Vulnerability description

Unknown or Incomplete

- Timeline

2001-09-27 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

COM2001 Alexis Server Web Access Plaintext Password Vulnerability
Design Error 3373
Yes No
2001-09-27 12:00:00 2009-07-11 07:56:00
This vulnerability was submitted to BugTraq on September 27th, 2001 by Clint Byrum <cbyrum@erp.com>.

- Affected software versions

COM2001 Alexis Server 2.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
COM2001 Alexis Server 2.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
COM2001 Alexis Server 1.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Unaffected software versions

COM2001 Alexis Server 1.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability discussion

COM2001 Alexis Server is commercial voicemail/internet-based PBX management software for Microsoft Windows NT/2000 and Exchange systems.

The Web Access component in Alexis Server transmits usernames/passwords in plaintext. Alexis Server v2.1 has the option to secure transmissions using SSL. However, as a side effect the Web Access toolbar opens a Java applet which sends the username/password back to the server.
If the transmitted information is sniffed at this point then the username/password will be disclosed to the attacker.

It should be noted that Alexis Server 1.1 is not prone to this issue. Alexis Server 2.0 should be considered extra vulnerable as it does not include the option to use SSL to secure communications.

Successful exploitation of this issue will allow a remote attacker to gain unauthorized access to voicemail and PBX services.

- Exploit

No exploit is required.

- Solution

The vendor is aware of this issue and will release a fix in an upcoming service pack.

- Related references
