Summary
Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.
(Taken from the security announcement by http://www.rapid7.com.)
Solution
Either disable HTTP access in Alchemy Eye, or require authentication for Alchemy Eye. Both of these can be set in the Alchemy Eye preferences.
More Information : http://www.securityfocus.com/archive/1/243404
Severity
Classification
-
CVE CVE-2001-0871 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AdaptBB Multiple Input Validation Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- ATutor password reminder SQL injection
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities