Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via .., .., and similar dot dot sequences in the URL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mimesweeper_for_web | Clearswift | 4.0 (including) | 4.0 (including) |
| Mimesweeper_for_web | Clearswift | 5.0.1 (including) | 5.0.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2
- http://packetstormsecurity.nl/0408-exploits/clearswift.txt
- http://secunia.com/advisories/12273
- http://www.securityfocus.com/bid/10918
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16960
- http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2
- http://packetstormsecurity.nl/0408-exploits/clearswift.txt
- http://secunia.com/advisories/12273
- http://www.securityfocus.com/bid/10918
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16960