Lucene search

[email protected]CVE-2001-1100

HistoryOct 07, 2001 - 4:00 a.m.

CVE-2001-1100

2001-10-0704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

w3mail

1.0.2

sendmessage.cgi

remote command execution

cve-2001-1100.

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the ‘Compose Message’ page.

CPENameOperatorVersion
spencer_miles:w3mailspencer miles w3maileq1.0.2

CPE	Name	Operator	Version
spencer_miles:w3mail	spencer miles w3mail	eq	1.0.2

References

www.securityfocus.com/archive/1/218921

www.securityfocus.com/bid/3673

www.w3mail.org/ChangeLog

exchange.xforce.ibmcloud.com/vulnerabilities/7230

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2001-1100

openvas1 nessus1