ID CVE-2002-1581
Summary Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.21:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.23:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.26:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.27:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.28:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.29:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*
    cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:10)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 6055
bugtraq 20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com
confirm http://mailreader.com/download/ChangeLog
debian DSA-534
misc http://mailreader.com/download/ChangeLog
xf mailreader-dotdot-directory-traversal(10490)
Last major update 08-03-2011 - 02:10
Published 06-12-2004 - 05:00
Last modified 08-03-2011 - 02:10
Back to Top