Unrated severityNVD Advisory· Published Dec 4, 2001· Updated Apr 16, 2026

CVE-2001-0947

Description

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.

Affected products

Valicert/Enterprise Validation Authority11 versions
cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/3615nvdPatchVendor Advisory
www.valicert.com/support/security_advisory_eva.htmlnvdVendor AdvisoryURL Repurposed
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/7649nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000