CVE-2011-0049

Severity: Unknown
EPSS: 95.39%

Last modified

CVE-2011-0049 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. EPSS estimates a 95.39% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Metrics

EPSS Probability: 95.39% (99.9th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product      Versions
Mj2     Majordomo 2  <= 20110130
Mj2     Majordomo 2  20110101
Mj2     Majordomo 2  20110102
Mj2     Majordomo 2  20110103
Mj2     Majordomo 2  20110104
Mj2     Majordomo 2  20110105
Mj2     Majordomo 2  20110106
Mj2     Majordomo 2  20110107
Mj2     Majordomo 2  20110108
Mj2     Majordomo 2  20110109
Mj2     Majordomo 2  20110110
Mj2     Majordomo 2  20110111
Mj2     Majordomo 2  20110112
Mj2     Majordomo 2  20110113
Mj2     Majordomo 2  20110114
Mj2     Majordomo 2  20110115
Mj2     Majordomo 2  20110116
Mj2     Majordomo 2  20110117
Mj2     Majordomo 2  20110118
Mj2     Majordomo 2  20110119
Mj2     Majordomo 2  20110120
Mj2     Majordomo 2  20110121
Mj2     Majordomo 2  20110122
Mj2     Majordomo 2  20110123
Mj2     Majordomo 2  20110124
Mj2     Majordomo 2  20110125
Mj2     Majordomo 2  20110126
Mj2     Majordomo 2  20110127
Mj2     Majordomo 2  20110128
Mj2     Majordomo 2  20110129

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2011-0049?
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
How severe is CVE-2011-0049?
Severity scoring for CVE-2011-0049 is pending analysis. The EPSS model estimates a 95.39% probability of exploitation in the next 30 days.
How do I fix CVE-2011-0049?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST