Vulnerability Description
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dovecot | Dovecot | 0.99.13 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32768Vendor Advisory
- http://secunia.com/advisories/36904
- http://www.dovecot.org/list/dovecot/2008-November/035259.htmlPatch
- http://www.securityfocus.com/bid/32582
- http://www.ubuntu.com/usn/USN-838-1
- http://www.vupen.com/english/advisories/2008/3190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46672
- http://secunia.com/advisories/32768Vendor Advisory
- http://secunia.com/advisories/36904
- http://www.dovecot.org/list/dovecot/2008-November/035259.htmlPatch
- http://www.securityfocus.com/bid/32582
- http://www.ubuntu.com/usn/USN-838-1
- http://www.vupen.com/english/advisories/2008/3190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46672
FAQ
What is CVE-2008-5301?
CVE-2008-5301 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script n...
How severe is CVE-2008-5301?
CVE-2008-5301 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5301?
Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot.