CVE-2011-0049

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-0049
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://osvdb.org/70762
http://secunia.com/advisories/43125 Vendor Advisory
http://securityreason.com/securityalert/8061
http://www.exploit-db.com/exploits/16103
http://www.kb.cert.org/vuls/id/363726 US Government Resource
http://www.securityfocus.com/archive/1/516150/100/0/threaded
http://www.securityfocus.com/bid/46127 Exploit
http://www.securitytracker.com/id?1025024
http://www.vupen.com/english/advisories/2011/0288
https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=628064 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
https://sitewat.ch/en/Advisory/View/1 Exploit URL Repurposed
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*
cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*
History

No history.

Information

Published : 2011-02-04 01:00

Updated : 2024-02-14 01:17

NVD link : CVE-2011-0049

Mitre link : CVE-2011-0049

CVE.ORG link : CVE-2011-0049

JSON object : View

Products Affected

mj2

  • majordomo_2
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')