Lucene search

[email protected]CVE-2004-2458

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2458

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2458

open webmail

security vulnerability

remote attack

directory creation

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.3%

JSON

Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.

CPENameOperatorVersion
open_webmail:open_webmailopen webmaileq1.7
open_webmail:open_webmailopen webmaileq1.81
open_webmail:open_webmailopen webmaileq2.30
open_webmail:open_webmailopen webmaileq1.71
open_webmail:open_webmailopen webmaileq1.8
open_webmail:open_webmailopen webmaileq1.90

CPE	Name	Operator	Version
open_webmail:open_webmail	open webmail	eq	1.7
open_webmail:open_webmail	open webmail	eq	1.81
open_webmail:open_webmail	open webmail	eq	2.30
open_webmail:open_webmail	open webmail	eq	1.71
open_webmail:open_webmail	open webmail	eq	1.8
open_webmail:open_webmail	open webmail	eq	1.90

References

openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch

secunia.com/advisories/11334

www.securityfocus.com/bid/10087

exchange.xforce.ibmcloud.com/vulnerabilities/15822

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.3%

JSON