CVE-2001-0677 - Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the targ

CVE-2001-0677

Summary

Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.

References

http://www.osvdb.org/3085
http://www.securityfocus.com/archive/1/177369
http://www.securityfocus.com/bid/2616
https://exchange.xforce.ibmcloud.com/vulnerabilities/6431

Vulnerable Configurations

cpe:2.3:a:qualcomm:eudora:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qualcomm:eudora:5.0.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	2616
bugtraq	20010418 Eudora file leakage problem (still)
osvdb	3085
xf	eudora-plain-text-attachment(6431)

Last major update

10-10-2017 - 01:29

Published

20-09-2001 - 04:00

Last modified

10-10-2017 - 01:29