Lucene search

[email protected]CVE-2012-4940

HistoryOct 31, 2012 - 7:55 p.m.

CVE-2012-4940

2012-10-3119:55:00

CWE-22

[email protected]

web.nvd.nist.gov

axigen free mail server

view log files

directory traversal

vulnerability

cve-2012-4940

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a … (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

Affected configurations

NVD

Node

gecadaxigen_free_mail_serverMatch-

CPENameOperatorVersion
gecad:axigen_free_mail_servergecad axigen free mail servereq-

CPE	Name	Operator	Version
gecad:axigen_free_mail_server	gecad axigen free mail server	eq	-

References

www.kb.cert.org/vuls/id/586556

www.securityfocus.com/bid/56343

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2012-4940

checkpoint_advisories1 nuclei1 prion1 nvd1 cert1 cvelist1