CVE-2002-1004 - Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and

CVE-2002-1004

Summary

Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.

References

Vulnerable Configurations

cpe:2.3:a:argosoft:argosoft_mail_server:1.8.1.5:*:plus:*:*:*:*:*
cpe:2.3:a:argosoft:argosoft_mail_server:1.8.1.5:*:plus:*:*:*:*:*
cpe:2.3:a:argosoft:argosoft_mail_server:1.8.1.5:*:pro:*:*:*:*:*
cpe:2.3:a:argosoft:argosoft_mail_server:1.8.1.5:*:pro:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-09-2008 - 20:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	5144
bugtraq	20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
confirm	http://www.argosoft.com/applications/mailserver/changelist.asp
xf	argosoft-dotdot-directory-traversal(9477)

Last major update

05-09-2008 - 20:29

Published

04-10-2002 - 04:00

Last modified

05-09-2008 - 20:29