CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
98.7%
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./…/ sequence in the “extra” parameter to the help command, which causes the regular expression to produce … (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
Vendor | Product | Version | CPE |
---|---|---|---|
mj2 | majordomo_2 | * | cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110101 | cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110102 | cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110103 | cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110104 | cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110105 | cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110106 | cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110107 | cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110108 | cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:* |
mj2 | majordomo_2 | 20110109 | cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:* |