Web application abuses : BasiliX Arbitrary File Disclosure Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.14305

Kategorie: Web application abuses

Titel: BasiliX Arbitrary File Disclosure Vulnerability

Zusammenfassung: The remote web server contains a PHP script that is prone to information;disclosure.;;Description :;;The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary;files that are accessible to the web server user when sending a message since they accept a list of attachment;names from the client yet do not verify that the attachments were in fact uploaded.;;Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to;establish a session on the target without otherwise having access there by authenticating against an IMAP server;of his or her choosing.

Beschreibung: Summary:
The remote web server contains a PHP script that is prone to information
disclosure.

Description :

The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary
files that are accessible to the web server user when sending a message since they accept a list of attachment
names from the client yet do not verify that the attachments were in fact uploaded.

Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to
establish a session on the target without otherwise having access there by authenticating against an IMAP server
of his or her choosing.

Solution:
Upgrade to BasiliX version 1.1.1 or later.

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N

Querverweis: BugTraq ID: 5062
Common Vulnerability Exposure (CVE) ID: CVE-2002-1710
http://www.securityfocus.com/bid/5062
Bugtraq: 20020618 BasiliX multiple vulnerabilities (Google Search)
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
XForce ISS Database: basilix-webmail-attach-files(9386)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9386

Copyright This script is Copyright (C) 2004 George A. Theall

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.14305
Kategorie:	Web application abuses
Titel:	BasiliX Arbitrary File Disclosure Vulnerability
Zusammenfassung:	The remote web server contains a PHP script that is prone to information;disclosure.;;Description :;;The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary;files that are accessible to the web server user when sending a message since they accept a list of attachment;names from the client yet do not verify that the attachments were in fact uploaded.;;Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to;establish a session on the target without otherwise having access there by authenticating against an IMAP server;of his or her choosing.
Beschreibung:	Summary: The remote web server contains a PHP script that is prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they accept a list of attachment names from the client yet do not verify that the attachments were in fact uploaded. Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to establish a session on the target without otherwise having access there by authenticating against an IMAP server of his or her choosing. Solution: Upgrade to BasiliX version 1.1.1 or later. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	BugTraq ID: 5062 Common Vulnerability Exposure (CVE) ID: CVE-2002-1710 http://www.securityfocus.com/bid/5062 Bugtraq: 20020618 BasiliX multiple vulnerabilities (Google Search) http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html XForce ISS Database: basilix-webmail-attach-files(9386) https://exchange.xforce.ibmcloud.com/vulnerabilities/9386
Copyright	This script is Copyright (C) 2004 George A. Theall