5.0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

clearswift

NVD

Published: 2004-08-11

Updated: 2017-07-11

Summary

Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. This was fixed in MIMEsweeper for Web v5.0.4.

Vulnerable Configurations

Part	Description	Count
Application	Clearswift Clearswift Mimesweeper FOR WEB 4.0 Clearswift Mimesweeper FOR WEB 5.0.1	2

References

http://marc.info/?l=bugtraq&m=109224211512029&w=2
http://marc.info/?l=bugtraq&m=109225567212978&w=2
http://packetstormsecurity.nl/0408-exploits/clearswift.txt
http://secunia.com/advisories/12273
http://www.securityfocus.com/bid/10918
https://exchange.xforce.ibmcloud.com/vulnerabilities/16960