发布时间 :2002-12-31 00:00:00
修订时间 :2008-09-05 16:33:07

[原文]Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.


        W3Mail 1.0.6 版本的viewAttachment.cgi存在目录遍历漏洞。远程攻击者借助file参数的 .. (点 点)读取任意文件。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-22 [对路径名的限制不恰当(路径遍历)]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  6170
(UNKNOWN)  XF  w3mail-argument-read-files(10612)
(UNKNOWN)  BUGTRAQ  20021112 Fresh hole in W3Mail (fwd)

- 漏洞信息

中危 路径遍历
2002-12-31 00:00:00 2002-12-31 00:00:00
        W3Mail 1.0.6 版本的viewAttachment.cgi存在目录遍历漏洞。远程攻击者借助file参数的 .. (点 点)读取任意文件。

- 公告与补丁

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: .

- 漏洞信息 (22015)

W3Mail 1.0.6 File Disclosure Vulnerability (EDBID:22015)
cgi webapps
2002-11-12 Verified
0 Tim Brown
N/A [点击下载]

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. 


- 漏洞信息

W3Mail viewAttachment.cgi file Parameter Traversal Arbitrary File Access
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality Upgrade
Exploit Private Vendor Verified

- 漏洞描述

W3Mail contains a flaw that allows a REMOTE attacker to traverse outside of a restricted path. The issue is due to the SCRIPT not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the file parameter. This directory traversal attack would allow the attacker to retrive arbitrary files.

- 时间线

2002-11-12 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete