| VID |
21260 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Mailreader.com contains a directory traversal vulnerability.
Mailreader.com, developed by Kim Holviala, is a freely available Web-based POP3 Webmail written in Perl. The version 2.3.31 and earlier of Mailreader.com can disclose the contents of arbitrary webserver file, caused by improper validation of user-supplied "configLanguage" parameter. To exploit this vulnerability, a remote attacker will send a "nph-mr.cgi" request containing "dot dot" sequences (/../) and a known file appended with a NULL byte character (%00) as the follow:
http://[targetserver]/cgi-bin/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
It can allow a remote attacker to view the requested file (password file).
* References:
http://marc.theaimsgroup.com/?l=bugtraq&m=103583018300931&w=2
* Platforms Affected:
Mailreader.com 2.3.31 and earlier
Linux Any version
Unix Any version
Windows Any version |
| Recommendation |
Upgrade to the latest version or 2.3.33 or later of Mailreader.com, available from the Mailreader.com Web site at http://www.mailreader.com/
Now the latest version, Mailreader.com version 2.3.35, is released on Mar. 4, 2003. |
| Related URL |
CVE-2002-1581 (CVE) |
| Related URL |
6055 (SecurityFocus) |
| Related URL |
10490 (ISS) |
|
