Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1100

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1100
Last Modified 05 Sep 2008 04:25:41
Published 07 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1100

Summary

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

Vulnerable Systems

Application

  • Spencer Miles W3mail 1.0.2


References

BUGTRAQ - 20011007 Bug found at W3Mail Webmail

XF - w3mail-metacharacters-command-execution(7230)

CONFIRM - http://www.w3mail.org/ChangeLog

BID - 3673


Last Updated: 27 May 2016 10:36:31