fkie_nvd - fkie_cve-2015-0911

fkie_cve-2015-0911

Vulnerability from fkie_nvd

Published

2015-04-24 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling.

References

URL	Tags
vultures@jpcert.or.jp	http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/	Vendor Advisory
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN41653647/index.html	Vendor Advisory
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000055	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN41653647/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000055	Vendor Advisory

Impacted products

Vendor	Product	Version
dounokouno	transmitmail	1.0.11
dounokouno	transmitmail	1.1.0
dounokouno	transmitmail	1.1.1
dounokouno	transmitmail	1.1.2
dounokouno	transmitmail	1.1.3
dounokouno	transmitmail	1.1.4
dounokouno	transmitmail	1.2.0
dounokouno	transmitmail	1.2.1
dounokouno	transmitmail	1.3.0
dounokouno	transmitmail	1.3.1
dounokouno	transmitmail	1.4.0
dounokouno	transmitmail	1.4.1
dounokouno	transmitmail	1.4.2
dounokouno	transmitmail	1.5.0
dounokouno	transmitmail	1.5.1
dounokouno	transmitmail	1.5.2
dounokouno	transmitmail	1.5.3
dounokouno	transmitmail	1.5.4
dounokouno	transmitmail	1.5.5
dounokouno	transmitmail	1.5.6
dounokouno	transmitmail	1.5.7
dounokouno	transmitmail	1.5.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F0DED8-0655-45A2-88F6-A8674698FA07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE43C2C9-A576-469C-9CE6-1DFED80C4FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A8D24F-2C2B-4B3A-A5B6-688B533DA63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA36C32-F71A-49CF-B847-08B36A673151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "043BA0EE-3221-40D0-B550-1C5EEF48411A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92BDA13-7FC7-4E98-93F7-F9BF71189056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D518B16A-DF7B-4D57-972A-2AFA5592A53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DB908B-5953-499C-AF72-C3A3678D534A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D6AF884-6EC4-4E13-BBFA-C39583EC6E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5981120B-B35E-4267-A335-A07FB490ED8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "335EB0FD-F305-48A5-856C-6E31AF4C3176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "437CB136-9016-486F-9A6C-1EBE36282FC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74386143-3136-479C-BEAC-21AF91FD54E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0012F5DB-DBEC-4FE5-9DE7-BF797E25380E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "272690F5-21E5-43EF-BE04-1584C714B576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28321C0A-A76B-4BCC-AA48-0CD8CDFD7A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "41322543-2438-48EB-BBC5-1FBC81DEC033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B119E334-08B9-4B9D-A6C1-CBDF48B16164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA7636D-4554-48BA-94D1-9F64A9A779F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4917CAA-1C0B-4226-9663-8F23B026218B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "28C7DF8F-ECAA-49F5-AD56-9615AA560C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dounokouno:transmitmail:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C138F9A0-8827-4E60-8156-74472539C453",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en TAGAWA Takao TransmitMail 1.0.11 hasta 1.5.8 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores relacionados con el manejo de adjuntos."
    }
  ],
  "id": "CVE-2015-0911",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-24T01:59:01.613",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN41653647/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dounokouno.com/2015/04/20/transmitmail-%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN41653647/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000055"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-0911 (GCVE-0-2015-0911)

Vulnerability from cvelistv5

Published

2015-04-24 01:00