Lucene search

JpcertCVE-2015-2971

HistoryJul 19, 2015 - 10:59 a.m.

CVE-2015-2971

2015-07-1910:59:00

CWE-22

jpcert

web.nvd.nist.gov

cve-2015-2971

directory traversal

seeds

acmailer

remote authenticated users

file deletion

crafted string

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

49.6%

JSON

Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.

Affected configurations

Nvd

Node

seedsacmailerRange<3.8.18

seedsacmailerMatch3.9.0beta

seedsacmailerMatch3.9.1beta

seedsacmailerMatch3.9.2beta

seedsacmailerMatch3.9.3beta

seedsacmailerMatch3.9.4beta

seedsacmailerMatch3.9.5beta

seedsacmailerMatch3.9.6beta

seedsacmailerMatch3.9.7beta

seedsacmailerMatch3.9.8beta

seedsacmailerMatch3.9.9beta

seedsacmailerMatch3.9.10beta

seedsacmailerMatch3.9.11beta

VendorProductVersionCPE
seedsacmailer*cpe:2.3:a:seeds:acmailer:*:*:*:*:*:*:*:*
seedsacmailer3.9.0cpe:2.3:a:seeds:acmailer:3.9.0:beta:*:*:*:*:*:*
seedsacmailer3.9.1cpe:2.3:a:seeds:acmailer:3.9.1:beta:*:*:*:*:*:*
seedsacmailer3.9.2cpe:2.3:a:seeds:acmailer:3.9.2:beta:*:*:*:*:*:*
seedsacmailer3.9.3cpe:2.3:a:seeds:acmailer:3.9.3:beta:*:*:*:*:*:*
seedsacmailer3.9.4cpe:2.3:a:seeds:acmailer:3.9.4:beta:*:*:*:*:*:*
seedsacmailer3.9.5cpe:2.3:a:seeds:acmailer:3.9.5:beta:*:*:*:*:*:*
seedsacmailer3.9.6cpe:2.3:a:seeds:acmailer:3.9.6:beta:*:*:*:*:*:*
seedsacmailer3.9.7cpe:2.3:a:seeds:acmailer:3.9.7:beta:*:*:*:*:*:*
seedsacmailer3.9.8cpe:2.3:a:seeds:acmailer:3.9.8:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
seeds	acmailer	*	cpe:2.3:a:seeds:acmailer::::::::
seeds	acmailer	3.9.0	cpe:2.3:a:seeds:acmailer:3.9.0:beta::::::
seeds	acmailer	3.9.1	cpe:2.3:a:seeds:acmailer:3.9.1:beta::::::
seeds	acmailer	3.9.2	cpe:2.3:a:seeds:acmailer:3.9.2:beta::::::
seeds	acmailer	3.9.3	cpe:2.3:a:seeds:acmailer:3.9.3:beta::::::
seeds	acmailer	3.9.4	cpe:2.3:a:seeds:acmailer:3.9.4:beta::::::
seeds	acmailer	3.9.5	cpe:2.3:a:seeds:acmailer:3.9.5:beta::::::
seeds	acmailer	3.9.6	cpe:2.3:a:seeds:acmailer:3.9.6:beta::::::
seeds	acmailer	3.9.7	cpe:2.3:a:seeds:acmailer:3.9.7:beta::::::
seeds	acmailer	3.9.8	cpe:2.3:a:seeds:acmailer:3.9.8:beta::::::

Rows per page:

1-10 of 131

References

jvn.jp/en/jp/JVN64051989/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000098

www.acmailer.jp/info/de.cgi?id=58

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

49.6%

JSON

Related for CVE-2015-2971