Vulnerabilities > CVE-2004-2458 - Unspecified vulnerability in Open Webmail Open Webmail

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

open-webmail

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.

Vulnerable Configurations

Part	Description	Count
Application	Open_Webmail Open Webmail Open Webmail 1.7 Open Webmail Open Webmail 1.8 Open Webmail Open Webmail 1.71 Open Webmail Open Webmail 1.81 Open Webmail Open Webmail 1.90 Open Webmail Open Webmail 2.30	6

References

http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch
http://secunia.com/advisories/11334
http://www.securityfocus.com/bid/10087
https://exchange.xforce.ibmcloud.com/vulnerabilities/15822