[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-2139

Date: (C)2012-07-18   (M)2015-12-16
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

Reference:
SECUNIA-48970
FEDORA-2012-7535
FEDORA-2012-7619
FEDORA-2012-7692
http://www.openwall.com/lists/oss-security/2012/04/25/8
http://www.openwall.com/lists/oss-security/2012/04/26/1
https://bugzilla.novell.com/show_bug.cgi?id=759092
https://bugzilla.redhat.com/show_bug.cgi?id=816352
https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f

CWE    1
CWE-22
OVAL    6
oval:org.secpod.oval:def:103813
oval:org.secpod.oval:def:103786
oval:org.secpod.oval:def:103787
oval:org.secpod.oval:def:103784
...

© 2013 SecPod Technologies