{"vuid":"VU#220715","idnumber":"220715","name":"Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution","keywords":["Alchemy Eye HTTP Server","Network Monitor","user input","remote command execution"],"overview":"Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution.","clean_desc":"Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP requests, allowing attackers to execute arbitrary commands.","impact":"Remote attackers can execute arbitrary commands on the server.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Rapid 7 for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://www.rapid7.com/advisories/R7-0001.txt","http://www.securityfocus.com/bid/3599","http://www.alchemy-lab.com/products/eye/","http://www.deksoftware.com/alchemy/"],"cveids":["CVE-2001-0871"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-11-30T20:59:28Z","publicdate":"2001-11-29T00:00:00Z","datefirstpublished":"2002-09-27T16:07:00Z","dateupdated":"2003-09-18T20:14:33Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"6","cam_population":"5","cam_impact":"11","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"6.496875","cam_scorecurrentwidelyknown":"8.04375","cam_scorecurrentwidelyknownexploited":"14.23125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.496875,"vulnote":null}