Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2331

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2002-2331
Last Modified 05 Sep 2008 04:32:56
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-2331

Summary

W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.

Vulnerable Systems

Application

  • Cascadesoft W3mail 1.0.2

  • Cascadesoft W3mail 1.0.3

  • Cascadesoft W3mail 1.0.4

  • Cascadesoft W3mail 1.0.5


References

BID - 5314

XF - w3mail-mime-attachment-execution(9680)

BUGTRAQ - 20020725 Medium security hole affecting W3Mail


Last Updated: 27 May 2016 10:37:42