Lucene search

K
nvd[email protected]NVD:CVE-2011-2167
HistoryMay 24, 2011 - 11:55 p.m.

CVE-2011-2167

2011-05-2423:55:04
CWE-22
web.nvd.nist.gov
9

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6

Confidence

Low

EPSS

0.005

Percentile

77.1%

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.

Affected configurations

Nvd
Node
dovecotdovecotMatch2.0.0
OR
dovecotdovecotMatch2.0.1
OR
dovecotdovecotMatch2.0.2
OR
dovecotdovecotMatch2.0.3
OR
dovecotdovecotMatch2.0.4
OR
dovecotdovecotMatch2.0.5
OR
dovecotdovecotMatch2.0.6
OR
dovecotdovecotMatch2.0.7
OR
dovecotdovecotMatch2.0.8
OR
dovecotdovecotMatch2.0.9
OR
dovecotdovecotMatch2.0.10
OR
dovecotdovecotMatch2.0.11
OR
dovecotdovecotMatch2.0.12
VendorProductVersionCPE
dovecotdovecot2.0.0cpe:2.3:a:dovecot:dovecot:2.0.0:*:*:*:*:*:*:*
dovecotdovecot2.0.1cpe:2.3:a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*
dovecotdovecot2.0.2cpe:2.3:a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*
dovecotdovecot2.0.3cpe:2.3:a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*
dovecotdovecot2.0.4cpe:2.3:a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*
dovecotdovecot2.0.5cpe:2.3:a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*
dovecotdovecot2.0.6cpe:2.3:a:dovecot:dovecot:2.0.6:*:*:*:*:*:*:*
dovecotdovecot2.0.7cpe:2.3:a:dovecot:dovecot:2.0.7:*:*:*:*:*:*:*
dovecotdovecot2.0.8cpe:2.3:a:dovecot:dovecot:2.0.8:*:*:*:*:*:*:*
dovecotdovecot2.0.9cpe:2.3:a:dovecot:dovecot:2.0.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6

Confidence

Low

EPSS

0.005

Percentile

77.1%