Lucene search

MitreCVE-2004-2586

HistoryNov 28, 2005 - 11:00 p.m.

CVE-2004-2586

2005-11-2823:00:00

mitre

web.nvd.nist.gov

cve

2004

2586

directory traversal

vulnerability

frmgetattachment.aspx

smartertools

smartermail

remote attackers

arbitrary files

filename parameter

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter.

Affected configurations

Nvd

Node

smartertoolssmartermailMatch1.6.1511

smartertoolssmartermailMatch1.6.1529

VendorProductVersionCPE
smartertoolssmartermail1.6.1511cpe:2.3:a:smartertools:smartermail:1.6.1511:*:*:*:*:*:*:*
smartertoolssmartermail1.6.1529cpe:2.3:a:smartertools:smartermail:1.6.1529:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smartertools	smartermail	1.6.1511	cpe:2.3:a:smartertools:smartermail:1.6.1511:::::::*
smartertools	smartermail	1.6.1529	cpe:2.3:a:smartertools:smartermail:1.6.1529:::::::*

References

members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt

secunia.com/advisories/11042

securitytracker.com/id?1009307

www.zone-h.org/advisories/read/id=4098

exchange.xforce.ibmcloud.com/vulnerabilities/15389

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

Related for CVE-2004-2586