Vulnerability Details CVE-2002-1581
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.097
EPSS Ranking 92.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://mailreader.com/download/ChangeLog
- http://mailreader.com/download/ChangeLog
- http://www.debian.org/security/2004/dsa-534
- http://www.iss.net/security_center/static/10490.php
- http://www.securityfocus.com/archive/1/297428
- http://www.securityfocus.com/bid/6055
- http://mailreader.com/download/ChangeLog
- http://mailreader.com/download/ChangeLog
- http://www.debian.org/security/2004/dsa-534
- http://www.iss.net/security_center/static/10490.php
- http://www.securityfocus.com/archive/1/297428
- http://www.securityfocus.com/bid/6055
Products affected by CVE-2002-1581
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.20
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.21
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.22
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.23
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.24
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.25
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.26
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.27
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.28
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.29
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.30
-
cpe:2.3:a:mailreader.com:mailreader.com:2.3.31
-
cpe:2.3:o:debian:debian_linux:3.0