CVE Vulnerabilities

CVE-2002-0418

Published: Aug 12, 2002 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.

Affected Software

Name Vendor Start Version End Version
Sake_mail Endymion 1.0.20 1.0.20
Sake_mail Endymion 1.0.21 1.0.21
Sake_mail Endymion 1.0.22 1.0.22
Sake_mail Endymion 1.0.23 1.0.23
Sake_mail Endymion 1.0.24 1.0.24
Sake_mail Endymion 1.0.26 1.0.26
Sake_mail Endymion 1.0.27 1.0.27
Sake_mail Endymion 1.0.28 1.0.28
Sake_mail Endymion 1.0.29 1.0.29
Sake_mail Endymion 1.0.30 1.0.30
Sake_mail Endymion 1.0.31 1.0.31
Sake_mail Endymion 1.0.33 1.0.33
Sake_mail Endymion 1.0.34 1.0.34
Sake_mail Endymion 1.0.35 1.0.35
Sake_mail Endymion 1.0.36 1.0.36

References