CVE Vulnerabilities

CVE-2001-1254

Published: Sep 27, 2001 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.

Affected Software

Name Vendor Start Version End Version
Alexis_server Com2001 2.0 2.0
Alexis_server Com2001 2.1 2.1

References