Vulnerability Description
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailreader.Com | Mailreader.Com | 2.3.20 |
| Debian | Debian Linux | 3.0 |
References
- http://mailreader.com/download/ChangeLog
- http://mailreader.com/download/ChangeLog
- http://www.debian.org/security/2004/dsa-534PatchVendor Advisory
- http://www.iss.net/security_center/static/10490.phpPatchVendor Advisory
- http://www.securityfocus.com/archive/1/297428ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/6055ExploitPatchVendor Advisory
- http://mailreader.com/download/ChangeLog
- http://mailreader.com/download/ChangeLog
- http://www.debian.org/security/2004/dsa-534PatchVendor Advisory
- http://www.iss.net/security_center/static/10490.phpPatchVendor Advisory
- http://www.securityfocus.com/archive/1/297428ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/6055ExploitPatchVendor Advisory
FAQ
What is CVE-2002-1581?
CVE-2002-1581 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLa...
How severe is CVE-2002-1581?
CVE-2002-1581 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1581?
Check the references section above for vendor advisories and patch information. Affected products include: Mailreader.Com Mailreader.Com, Debian Debian Linux.