Vulnerability Description
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clearswift | Mimesweeper For Web | 4.0 |
References
- http://marc.info/?l=bugtraq&m=109224211512029&w=2
- http://marc.info/?l=bugtraq&m=109225567212978&w=2
- http://packetstormsecurity.nl/0408-exploits/clearswift.txtExploitVendor Advisory
- http://secunia.com/advisories/12273Vendor Advisory
- http://www.securityfocus.com/bid/10918ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16960
- http://marc.info/?l=bugtraq&m=109224211512029&w=2
- http://marc.info/?l=bugtraq&m=109225567212978&w=2
- http://packetstormsecurity.nl/0408-exploits/clearswift.txtExploitVendor Advisory
- http://secunia.com/advisories/12273Vendor Advisory
- http://www.securityfocus.com/bid/10918ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16960
FAQ
What is CVE-2004-1715?
CVE-2004-1715 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
How severe is CVE-2004-1715?
CVE-2004-1715 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1715?
Check the references section above for vendor advisories and patch information. Affected products include: Clearswift Mimesweeper For Web.