Lucene search

[email protected]CVE-2002-0417

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0417

2002-08-1204:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0417

endymion mailman

directory traversal

remote attack

vulnerability.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a … (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.

Affected configurations

NVD

Node

endymionmailman_webmailMatch3.0

endymionmailman_webmailMatch3.0.1

endymionmailman_webmailMatch3.0.2

endymionmailman_webmailMatch3.0.4

endymionmailman_webmailMatch3.0.6

endymionmailman_webmailMatch3.0.7

endymionmailman_webmailMatch3.0.8

endymionmailman_webmailMatch3.0.10

endymionmailman_webmailMatch3.0.11

endymionmailman_webmailMatch3.0.12

endymionmailman_webmailMatch3.0.13

endymionmailman_webmailMatch3.0.14

endymionmailman_webmailMatch3.0.15

endymionmailman_webmailMatch3.0.16

endymionmailman_webmailMatch3.0.18

endymionmailman_webmailMatch3.0.19

endymionmailman_webmailMatch3.0.20

endymionmailman_webmailMatch3.0.21

endymionmailman_webmailMatch3.0.22

endymionmailman_webmailMatch3.0.23

endymionmailman_webmailMatch3.0.24

endymionmailman_webmailMatch3.0.26

endymionmailman_webmailMatch3.0.27

endymionmailman_webmailMatch3.0.28

endymionmailman_webmailMatch3.0.29

endymionmailman_webmailMatch3.0.30

endymionmailman_webmailMatch3.0.31

endymionmailman_webmailMatch3.0.32

endymionmailman_webmailMatch3.0.33

endymionmailman_webmailMatch3.0.34

endymionmailman_webmailMatch3.0.35

CPENameOperatorVersion
endymion:mailman_webmailendymion mailman webmaileq3.0
endymion:mailman_webmailendymion mailman webmaileq3.0.1
endymion:mailman_webmailendymion mailman webmaileq3.0.2
endymion:mailman_webmailendymion mailman webmaileq3.0.4
endymion:mailman_webmailendymion mailman webmaileq3.0.6
endymion:mailman_webmailendymion mailman webmaileq3.0.7
endymion:mailman_webmailendymion mailman webmaileq3.0.8
endymion:mailman_webmailendymion mailman webmaileq3.0.10
endymion:mailman_webmailendymion mailman webmaileq3.0.11
endymion:mailman_webmailendymion mailman webmaileq3.0.12

CPE	Name	Operator	Version
endymion:mailman_webmail	endymion mailman webmail	eq	3.0
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.1
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.2
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.4
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.6
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.7
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.8
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.10
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.11
endymion:mailman_webmail	endymion mailman webmail	eq	3.0.12

Rows per page:

1-10 of 311

References

online.securityfocus.com/archive/1/259730

www.endymion.com/products/mailman/history.htm

www.iss.net/security_center/static/8357.php

www.securityfocus.com/bid/4222

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2002-0417

nvd1 cvelist1