Lucene search

MitreCVE-2008-0140

HistoryJan 08, 2008 - 7:46 p.m.

CVE-2008-0140

2008-01-0819:46:00

CWE-22

mitre

web.nvd.nist.gov

cve-2008-0140

directory traversal

uebimiau webmail

remote authenticated users

arbitrary file read

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a … (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.

Affected configurations

Nvd

Node

uebimiauwebmailMatch2.7.2

uebimiauwebmailMatch2.7.10

VendorProductVersionCPE
uebimiauwebmail2.7.2cpe:2.3:a:uebimiau:webmail:2.7.2:*:*:*:*:*:*:*
uebimiauwebmail2.7.10cpe:2.3:a:uebimiau:webmail:2.7.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
uebimiau	webmail	2.7.2	cpe:2.3:a:uebimiau:webmail:2.7.2:::::::*
uebimiau	webmail	2.7.10	cpe:2.3:a:uebimiau:webmail:2.7.10:::::::*

References

www.attrition.org/pipermail/vim/2008-January/001867.html

www.securityfocus.com/bid/27154

exchange.xforce.ibmcloud.com/vulnerabilities/39460

www.exploit-db.com/exploits/4846

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Related for CVE-2008-0140