Lucene search

K
cve[email protected]CVE-2004-2284
HistoryJul 19, 2005 - 4:00 a.m.

CVE-2004-2284

2005-07-1904:00:00
web.nvd.nist.gov
34
information security
vulnerability
cve-2004-2284
openwebmail
remote execution
shell metacharacters

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.

Affected configurations

NVD
Node
open_webmailopen_webmailMatch1.7
OR
open_webmailopen_webmailMatch1.8
OR
open_webmailopen_webmailMatch1.71
OR
open_webmailopen_webmailMatch1.81
OR
open_webmailopen_webmailMatch1.90
OR
open_webmailopen_webmailMatch2.20
OR
open_webmailopen_webmailMatch2.21
OR
open_webmailopen_webmailMatch2.30
OR
open_webmailopen_webmailMatch2.31
OR
open_webmailopen_webmailMatch2.32

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

Related for CVE-2004-2284