Lucene search

K
cve[email protected]CVE-2004-2284
HistoryJul 19, 2005 - 4:00 a.m.

CVE-2004-2284

2005-07-1904:00:00
web.nvd.nist.gov
34
information security
vulnerability
cve-2004-2284
openwebmail
remote execution
shell metacharacters

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.3%

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.

Affected configurations

NVD
Node
open_webmailopen_webmailMatch1.7
OR
open_webmailopen_webmailMatch1.8
OR
open_webmailopen_webmailMatch1.71
OR
open_webmailopen_webmailMatch1.81
OR
open_webmailopen_webmailMatch1.90
OR
open_webmailopen_webmailMatch2.20
OR
open_webmailopen_webmailMatch2.21
OR
open_webmailopen_webmailMatch2.30
OR
open_webmailopen_webmailMatch2.31
OR
open_webmailopen_webmailMatch2.32

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.3%

Related for CVE-2004-2284