Vulnerability Description
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Basilix | Basilix Webmail | 0.9.7_beta |
References
- http://www.securityfocus.com/archive/1/155897ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/2198ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5934
- http://www.securityfocus.com/archive/1/155897ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/2198ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5934
FAQ
What is CVE-2001-1044?
CVE-2001-1044 is a vulnerability with a CVSS score of 7.5 (HIGH). Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive inf...
How severe is CVE-2001-1044?
CVE-2001-1044 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1044?
Check the references section above for vendor advisories and patch information. Affected products include: Basilix Basilix Webmail.