CVE-2004-1715

Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.nl/0408-exploits/clearswift.txt	Exploit Vendor Advisory
http://www.securityfocus.com/bid/10918	Exploit Patch Vendor Advisory
http://secunia.com/advisories/12273	Vendor Advisory
http://marc.info/?l=bugtraq&m=109224211512029&w=2
http://marc.info/?l=bugtraq&m=109225567212978&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16960

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:clearswift:mimesweeper_for_web:4.0:::::::*
	cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.1:::::::*

Information

Published : 2004-08-10 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1715

Mitre link : CVE-2004-1715

JSON object : View

CWE

NVD-CWE-Other

Products Affected

clearswift

mimesweeper_for_web

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt", "name": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/10918", "name": "10918", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/12273", "name": "12273", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=109224211512029&w=2", "name": "20040811 Clearswift Mimesweeper Path Traversal Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=109225567212978&w=2", "name": "20040811 Re: Clearswift Mimesweeper Path Traversal Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960", "name": "mimesweeper-directory-traversal(16960)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via \"..\\\\\", \"..\\\", and similar dot dot sequences in the URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1715", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-08-11T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:clearswift:mimesweeper_for_web:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}

5.0 /10