CVE-2011-0063

Severity: Unknown | EPSS: 85.45%

CVE-2011-0063 is a vulnerability of currently unknown severity. The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. EPSS estimates an 85.45% chance of exploitation in the next 30 days.

Description

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

Metrics

EPSS Probability
85.45%

99.7th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|--------|---------|----------|
| Mj2 | Majordomo 2 | <= 20110203 |
| Mj2 | Majordomo 2 | 20110101 |
| Mj2 | Majordomo 2 | 20110102 |
| Mj2 | Majordomo 2 | 20110103 |
| Mj2 | Majordomo 2 | 20110104 |
| Mj2 | Majordomo 2 | 20110105 |
| Mj2 | Majordomo 2 | 20110106 |
| Mj2 | Majordomo 2 | 20110107 |
| Mj2 | Majordomo 2 | 20110108 |
| Mj2 | Majordomo 2 | 20110109 |
| Mj2 | Majordomo 2 | 20110110 |
| Mj2 | Majordomo 2 | 20110111 |
| Mj2 | Majordomo 2 | 20110112 |
| Mj2 | Majordomo 2 | 20110113 |
| Mj2 | Majordomo 2 | 20110114 |
| Mj2 | Majordomo 2 | 20110115 |
| Mj2 | Majordomo 2 | 20110116 |
| Mj2 | Majordomo 2 | 20110117 |
| Mj2 | Majordomo 2 | 20110118 |
| Mj2 | Majordomo 2 | 20110119 |
| Mj2 | Majordomo 2 | 20110120 |
| Mj2 | Majordomo 2 | 20110121 |
| Mj2 | Majordomo 2 | 20110122 |
| Mj2 | Majordomo 2 | 20110123 |
| Mj2 | Majordomo 2 | 20110124 |
| Mj2 | Majordomo 2 | 20110125 |
| Mj2 | Majordomo 2 | 20110126 |
| Mj2 | Majordomo 2 | 20110127 |
| Mj2 | Majordomo 2 | 20110128 |
| Mj2 | Majordomo 2 | 20110129 |
| Mj2 | Majordomo 2 | 20110130 |
| Mj2 | Majordomo 2 | 20110131 |
| Mj2 | Majordomo 2 | 20110201 |
| Mj2 | Majordomo 2 | 20110202 |

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-0063?

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

How severe is CVE-2011-0063?

Severity scoring for CVE-2011-0063 is pending analysis. The EPSS model estimates an 85.45% probability of exploitation in the next 30 days.

How do I fix CVE-2011-0063?

Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST