[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-0202Date: (C)2005-05-02   (M)2023-12-22


Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1013145
SECUNIA-14211
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html
http://marc.info/?l=bugtraq&m=110805795122386&w=2
APPLE-SA-2005-03-21
DSA-674
GLSA-200502-11
MDKSA-2005:037
RHSA-2005:136
RHSA-2005:137
SUSE-SA:2005:007
oval:org.mitre.oval:def:10657

CPE    7
cpe:/a:gnu:mailman:2.1b1
cpe:/a:gnu:mailman:2.1.1
cpe:/a:gnu:mailman:2.1
cpe:/a:gnu:mailman:2.1.5
...

© SecPod Technologies