Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1044

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1044
Last Modified 05 Sep 2008 04:25:32
Published 11 Jan 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1044

Summary

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.

Vulnerable Systems

Application

  • Basilix Webmail 0.9.7 Beta


References

BID - 2198

BUGTRAQ - 20010112 Basilix Webmail System *.class *.inc Permission Vulnerability

XF - basilix-webmail-retrieve-files(5934)


Last Updated: 27 May 2016 10:36:30