Vulnerabilities > CVE-2002-2331 - Configuration vulnerability in Cascadesoft W3Mail

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

cascadesoft

CWE-16

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.

Vulnerable Configurations

Part	Description	Count
Application	Cascadesoft Cascadesoft W3Mail 1.0.2 Cascadesoft W3Mail 1.0.3 Cascadesoft W3Mail 1.0.4 Cascadesoft W3Mail 1.0.5	4

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://online.securityfocus.com/archive/1/284232
http://www.iss.net/security_center/static/9680.php
http://www.securityfocus.com/bid/5314