Lucene search

[email protected]NVD:CVE-2011-2167

HistoryMay 24, 2011 - 11:55 p.m.

CVE-2011-2167

2011-05-2423:55:04

CWE-22

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.

Affected configurations

NVD

Node

dovecotdovecotMatch2.0.0

dovecotdovecotMatch2.0.1

dovecotdovecotMatch2.0.2

dovecotdovecotMatch2.0.3

dovecotdovecotMatch2.0.4

dovecotdovecotMatch2.0.5

dovecotdovecotMatch2.0.6

dovecotdovecotMatch2.0.7

dovecotdovecotMatch2.0.8

dovecotdovecotMatch2.0.9

dovecotdovecotMatch2.0.10

dovecotdovecotMatch2.0.11

dovecotdovecotMatch2.0.12

References

dovecot.org/pipermail/dovecot/2011-May/059085.html

openwall.com/lists/oss-security/2011/05/18/4

rhn.redhat.com/errata/RHSA-2013-0520.html

secunia.com/advisories/52311

www.dovecot.org/doc/NEWS-2.0

www.securityfocus.com/bid/48003

exchange.xforce.ibmcloud.com/vulnerabilities/67674

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for NVD:CVE-2011-2167

ubuntucve1 debiancve1 cvelist1 cve1 prion1 openvas8 veracode1 centos1 nessus5 redhat1 oraclelinux1 securityvulns1 gentoo1