Vulnerability-Lookup

CVE-2002-1581 (GCVE-0-2002-1581)

Vulnerability from cvelistv5 – Published: 2004-07-06 04:00 – Updated: 2024-08-08 03:26

Summary

Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://mailreader.com/download/ChangeLog	x_refsource_CONFIRM
	http://www.iss.net/security_center/static/10490.php	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/6055	vdb-entryx_refsource_BID
	http://www.debian.org/security/2004/dsa-534	vendor-advisoryx_refsource_DEBIAN
	http://mailreader.com/download/ChangeLog	x_refsource_MISC
	http://www.securityfocus.com/archive/1/297428	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:29.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mailreader.com/download/ChangeLog"
          },
          {
            "name": "mailreader-dotdot-directory-traversal(10490)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10490.php"
          },
          {
            "name": "6055",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6055"
          },
          {
            "name": "DSA-534",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-534"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mailreader.com/download/ChangeLog"
          },
          {
            "name": "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/297428"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mailreader.com/download/ChangeLog"
        },
        {
          "name": "mailreader-dotdot-directory-traversal(10490)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10490.php"
        },
        {
          "name": "6055",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6055"
        },
        {
          "name": "DSA-534",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-534"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mailreader.com/download/ChangeLog"
        },
        {
          "name": "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/297428"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mailreader.com/download/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://mailreader.com/download/ChangeLog"
            },
            {
              "name": "mailreader-dotdot-directory-traversal(10490)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10490.php"
            },
            {
              "name": "6055",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6055"
            },
            {
              "name": "DSA-534",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-534"
            },
            {
              "name": "http://mailreader.com/download/ChangeLog",
              "refsource": "MISC",
              "url": "http://mailreader.com/download/ChangeLog"
            },
            {
              "name": "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/297428"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1581",
    "datePublished": "2004-07-06T04:00:00",
    "dateReserved": "2004-06-30T00:00:00",
    "dateUpdated": "2024-08-08T03:26:29.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-1581\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-12-06T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de atravesamiento de directorios en nph-mr.cgi en Mailreader.com 2.3.20 a 2.3.31 permite a atacantes remotos ver ficheros de su elecci\u00f3n mediante secuencias .. (punto punto) y un byte nulo (%00) en el par\u00e1metro configLanguage\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4973BA4E-9117-44F8-86AB-087378A6CC7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"204F09AB-0001-4B2F-8129-D63CBFEF0328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6384049E-8303-426F-BC5F-11FC4B2C2A0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E78F85-AC32-47D4-B7E0-CBF8183A4F5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C8C4860-B717-42BB-8162-37F8E9EA7664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807B68CD-503D-4DD8-8D9E-8C5EF4A225C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38FA70B9-4498-4F97-A6B5-46A10337D98A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D293C206-3E79-49ED-9CC5-80631EF7D9EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BE2D1D-826F-4647-ADB1-EE654FEB62A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D160AC3B-E03D-4073-ADB3-5FC8309037E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A37F7F2-C147-4D04-83D0-421EDB1EF343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19CC1D27-027D-4032-B9CC-CD41ED085FD0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CAE037F-111C-4A76-8FFE-716B74D65EF3\"}]}]}],\"references\":[{\"url\":\"http://mailreader.com/download/ChangeLog\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mailreader.com/download/ChangeLog\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2004/dsa-534\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/10490.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/297428\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/6055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://mailreader.com/download/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mailreader.com/download/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2004/dsa-534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/10490.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/297428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/6055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-X569-Q6M8-549J

Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2022-04-30 18:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-1581"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-12-06T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.",
  "id": "GHSA-x569-q6m8-549j",
  "modified": "2022-04-30T18:21:26Z",
  "published": "2022-04-30T18:21:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1581"
    },
    {
      "type": "WEB",
      "url": "http://mailreader.com/download/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-534"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/10490.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/297428"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/6055"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2002-1581

Vulnerability from fkie_nvd - Published: 2004-12-06 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://mailreader.com/download/ChangeLog
cve@mitre.org	http://mailreader.com/download/ChangeLog
cve@mitre.org	http://www.debian.org/security/2004/dsa-534	Patch, Vendor Advisory
cve@mitre.org	http://www.iss.net/security_center/static/10490.php	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/297428	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/6055	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://mailreader.com/download/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	http://mailreader.com/download/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-534	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/10490.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/297428	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6055	Exploit, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mailreader.com	mailreader.com	2.3.20
mailreader.com	mailreader.com	2.3.21
mailreader.com	mailreader.com	2.3.22
mailreader.com	mailreader.com	2.3.23
mailreader.com	mailreader.com	2.3.24
mailreader.com	mailreader.com	2.3.25
mailreader.com	mailreader.com	2.3.26
mailreader.com	mailreader.com	2.3.27
mailreader.com	mailreader.com	2.3.28
mailreader.com	mailreader.com	2.3.29
mailreader.com	mailreader.com	2.3.30
mailreader.com	mailreader.com	2.3.31
debian	debian_linux	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4973BA4E-9117-44F8-86AB-087378A6CC7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "204F09AB-0001-4B2F-8129-D63CBFEF0328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6384049E-8303-426F-BC5F-11FC4B2C2A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E78F85-AC32-47D4-B7E0-CBF8183A4F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C8C4860-B717-42BB-8162-37F8E9EA7664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "807B68CD-503D-4DD8-8D9E-8C5EF4A225C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FA70B9-4498-4F97-A6B5-46A10337D98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "D293C206-3E79-49ED-9CC5-80631EF7D9EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6BE2D1D-826F-4647-ADB1-EE654FEB62A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D160AC3B-E03D-4073-ADB3-5FC8309037E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A37F7F2-C147-4D04-83D0-421EDB1EF343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CC1D27-027D-4032-B9CC-CD41ED085FD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de atravesamiento de directorios en nph-mr.cgi en Mailreader.com 2.3.20 a 2.3.31 permite a atacantes remotos ver ficheros de su elecci\u00f3n mediante secuencias .. (punto punto) y un byte nulo (%00) en el par\u00e1metro configLanguage"
    }
  ],
  "id": "CVE-2002-1581",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-06T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mailreader.com/download/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mailreader.com/download/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-534"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10490.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/297428"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mailreader.com/download/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mailreader.com/download/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10490.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/297428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6055"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2002-1581

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2002-1581

Aliases

CVE-2002-1581

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-1581",
    "description": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.",
    "id": "GSD-2002-1581",
    "references": [
      "https://www.debian.org/security/2004/dsa-534"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-1581"
      ],
      "details": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.",
      "id": "GSD-2002-1581",
      "modified": "2023-12-13T01:24:09.753375Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-1581",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://mailreader.com/download/ChangeLog",
            "refsource": "CONFIRM",
            "url": "http://mailreader.com/download/ChangeLog"
          },
          {
            "name": "mailreader-dotdot-directory-traversal(10490)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/10490.php"
          },
          {
            "name": "6055",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/6055"
          },
          {
            "name": "DSA-534",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2004/dsa-534"
          },
          {
            "name": "http://mailreader.com/download/ChangeLog",
            "refsource": "MISC",
            "url": "http://mailreader.com/download/ChangeLog"
          },
          {
            "name": "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/297428"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mailreader.com:mailreader.com:2.3.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1581"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/archive/1/297428"
            },
            {
              "name": "DSA-534",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2004/dsa-534"
            },
            {
              "name": "mailreader-dotdot-directory-traversal(10490)",
              "refsource": "XF",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.iss.net/security_center/static/10490.php"
            },
            {
              "name": "6055",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/6055"
            },
            {
              "name": "http://mailreader.com/download/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://mailreader.com/download/ChangeLog"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:10Z",
      "publishedDate": "2004-12-06T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2002-1581 (GCVE-0-2002-1581)

GHSA-X569-Q6M8-549J

FKIE_CVE-2002-1581

GSD-2002-1581

Tags

Sightings

Nomenclature