Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:586556
HistoryOct 31, 2012 - 12:00 a.m.

Axigen Mail Server directory traversal vulnerability

2012-10-3100:00:00
www.kb.cert.org
18

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.13 Low

EPSS

Percentile

95.5%

JSON

Overview

Axigen Mail Server contains a directory traversal vulnerability.

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory

Axigen Mail Server has a web based administration site which allows authorized administrators to perform certain actions via HTTP. The ‘View Log Files’ page does not sufficiently filter '…' from web requests, making it possible for an attacker to browse, delete or download system files of the server.

Example:
<http://target.example.com:9000/?h=44ea8a6603cbf54e245f37b4ddaf8f36&amp;page=vlf&amp;action=edit&amp;fileName=…\…\…\windows\win.ini>
<http://target.example.com:9000/?h=44ea8a6603cbf54e245f37b4ddaf8f36&amp;page=vlf&amp;action=delete&amp;fileName=…\…\…\windows\win.ini>
<http://target.example.com:9000/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&amp;action=download&amp;fileName=…\…\…\windows\win.ini>

Impact

A remote unauthenticated attacker may obtain sensitive information, cause a denial of service condition or execute arbitrary code with the privileges of the application.

Solution

We are currently unaware of a practical solution to this problem.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing Axigen Mail Server web interface using stolen credentials from a blocked network location.

Vendor Information

586556

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Axigen Affected

Updated: October 29, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P
Temporal 5.9 E:H/RL:W/RC:UR
Environmental 1.5 CDP:N/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Zhao Liang of Beijing Leadsec Technology Co., Ltd for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-4940
Date Public: 2012-10-31 Date First Published:

Related

cve 1
nvd 1
checkpoint_advisories 1
nuclei 1
prion 1
cvelist 1
cve
cve
CVE-2012-4940
2012-10-31 19:55:00
nvd
nvd
CVE-2012-4940
2012-10-31 19:55:00
checkpoint_advisories
checkpoint_advisories
Axigen Arbitrary File Read and Delete (CVE-2012-4940)
2013-06-09 00:00:00
nuclei
nuclei
Axigen Mail Server Filename Directory Traversal
2021-11-15 15:47:27
prion
prion
Directory traversal
2012-10-31 19:55:00
cvelist
cvelist
CVE-2012-4940
2012-10-31 19:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.13 Low

EPSS

Percentile

95.5%

JSON
Related for VU:586556
cve1nvd1checkpoint_advisories1nuclei1prion1cvelist1