Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1050

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1050
Last Modified 13 Feb 2012 05:40:06
Published 13 Feb 2012 02:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1050

Summary

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header.

Vulnerable Systems

Application

  • Mathopd 1.4

  • Mathopd 1.4 P1

  • Mathopd 1.4 P2

  • Mathopd 1.5 P3

  • Mathopd 1.5 P4

  • Mathopd 1.5 P4 1

  • Mathopd 1.5 P4 2

  • Mathopd 1.5 P5

  • Mathopd 1.5 P6


References

XF - mathopd-http-directory-traversal(73049)

SECTRACK - 1026641

CONFIRM - http://www.mathopd.org/security.html

MLIST - [mathopd] 20120202 security alert: directory traversal when using * in Location

SECUNIA - 47908

OSVDB - 78896

BUGTRAQ - 20120203 Mathopd - Directory Traversal Vulnerability


Last Updated: 27 May 2016 10:58:15