CVE-2012-4940
Last modified
CVE-2012-4940 is a vulnerability of currently unknown severity. Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.. EPSS estimates a 83.63% chance of exploitation in the next 30 days.
Description
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gecad | Axigen Free Mail Server | All versions |
References
- http://www.kb.cert.org/vuls/id/586556US Government Resource
- http://www.kb.cert.org/vuls/id/586556US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-4940?
How severe is CVE-2012-4940?
How do I fix CVE-2012-4940?
Are you affected by CVE-2012-4940?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST