Executive Summary



This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration list.
Information
Name : CVE-2011-0063
First vendor Publication : 2011-03-15
Vendor : Cve
Last vendor Modification : 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0063

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 33

OpenVAS Exploits

Date Description
2011-02-07 Name : Majordomo2 Directory Traversal Vulnerability
File : nvt/gb_majordomo2_dir_trav_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71087 Majordomo2 lib/Majordomo.pm _list_file_get() Traversal Arbitrary File Access

Majordomo 2 contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the '_list_file_get()' function, lib/Majordomo.pm, not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) when handling files. This directory traversal attack would allow the attacker to access arbitrary files.

Nessus® Vulnerability Scanner

Date Description
2011-02-16 Name : The remote web server hosts a web application that contains a directory trave...
File : majordomo2_dir_traversal.nasl - Type : ACT_ATTACK

Sources (Detail)

http://secunia.com/advisories/43631
http://securityreason.com/securityalert/8133
http://sotiriu.de/adv/NSOADV-2011-003.txt
http://www.securityfocus.com/archive/1/516923/100/0/threaded
https://bugzilla.mozilla.org/show_bug.cgi?id=631307
https://exchange.xforce.ibmcloud.com/vulnerabilities/66011

Alert History

Date Information
2024-11-28 23:05:42
  • Multiple Updates
2024-11-28 12:24:19
  • Multiple Updates
2021-05-04 12:13:45
  • Multiple Updates
2021-04-22 01:14:54
  • Multiple Updates
2020-05-23 01:43:37
  • Multiple Updates
2020-05-23 00:27:30
  • Multiple Updates
2018-10-11 00:20:02
  • Multiple Updates
2017-08-17 09:23:13
  • Multiple Updates
2016-04-26 20:27:15
  • Multiple Updates
2014-02-17 10:59:21
  • Multiple Updates
2013-05-10 22:51:59
  • Multiple Updates