Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1581

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1581
Last Modified 07 Mar 2011 09:10:29
Published 06 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1581

Summary

Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

Application

  • Mailreader.com 2.3.20

  • Mailreader.com 2.3.21

  • Mailreader.com 2.3.22

  • Mailreader.com 2.3.23

  • Mailreader.com 2.3.24

  • Mailreader.com 2.3.25

  • Mailreader.com 2.3.26

  • Mailreader.com 2.3.27

  • Mailreader.com 2.3.28

  • Mailreader.com 2.3.29

  • Mailreader.com 2.3.30

  • Mailreader.com 2.3.31


References

BID - 6055

BUGTRAQ - 20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com

XF - mailreader-dotdot-directory-traversal(10490)

DEBIAN - DSA-534

CONFIRM - http://mailreader.com/download/ChangeLog


Last Updated: 27 May 2016 10:37:24