cvelistv5 - cve-2011-0049

CVE-2011-0049 (GCVE-0-2011-0049)

Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:43

Summary

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2011/0288	vdb-entryx_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/363726	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/46127	vdb-entryx_refsource_BID
	https://sitewat.ch/en/Advisory/View/1	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=628064	x_refsource_MISC
	http://secunia.com/advisories/43125	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id?1025024	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/516150/100…	mailing-listx_refsource_BUGTRAQ
	http://www.exploit-db.com/exploits/16103	exploitx_refsource_EXPLOIT-DB
	http://securityreason.com/securityalert/8061	third-party-advisoryx_refsource_SREASON
	http://osvdb.org/70762	vdb-entryx_refsource_OSVDB
	https://bug628064.bugzilla.mozilla.org/attachment…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:13.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0288",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0288"
          },
          {
            "name": "VU#363726",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/363726"
          },
          {
            "name": "46127",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46127"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sitewat.ch/en/Advisory/View/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
          },
          {
            "name": "43125",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43125"
          },
          {
            "name": "majordomo-listfile-directory-traversal(65113)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
          },
          {
            "name": "1025024",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025024"
          },
          {
            "name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
          },
          {
            "name": "16103",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/16103"
          },
          {
            "name": "8061",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8061"
          },
          {
            "name": "70762",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70762"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0288",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0288"
        },
        {
          "name": "VU#363726",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/363726"
        },
        {
          "name": "46127",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46127"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sitewat.ch/en/Advisory/View/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
        },
        {
          "name": "43125",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43125"
        },
        {
          "name": "majordomo-listfile-directory-traversal(65113)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
        },
        {
          "name": "1025024",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025024"
        },
        {
          "name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
        },
        {
          "name": "16103",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/16103"
        },
        {
          "name": "8061",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8061"
        },
        {
          "name": "70762",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70762"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0049",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0288",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0288"
            },
            {
              "name": "VU#363726",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/363726"
            },
            {
              "name": "46127",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46127"
            },
            {
              "name": "https://sitewat.ch/en/Advisory/View/1",
              "refsource": "MISC",
              "url": "https://sitewat.ch/en/Advisory/View/1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
            },
            {
              "name": "43125",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43125"
            },
            {
              "name": "majordomo-listfile-directory-traversal(65113)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
            },
            {
              "name": "1025024",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025024"
            },
            {
              "name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
            },
            {
              "name": "16103",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/16103"
            },
            {
              "name": "8061",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8061"
            },
            {
              "name": "70762",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70762"
            },
            {
              "name": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481",
              "refsource": "MISC",
              "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0049",
    "datePublished": "2011-02-04T00:00:00",
    "dateReserved": "2010-12-21T00:00:00",
    "dateUpdated": "2024-08-06T21:43:13.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20110130\", \"matchCriteriaId\": \"17911370-2B86-44EB-9523-A4B4C3EBC823\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FED67E3F-2F5F-4159-97C9-1A575134B42E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0459E83A-41BF-4994-B016-2F8755BC6D9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E07ED0C1-7112-4E88-98A9-9E27F4571005\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11880F03-0C14-4266-8DE1-C99235073B23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22CC04CF-1D44-43CA-BFEE-307478E50F97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B277451A-5A3C-4874-BB33-DD4DF41BC4CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36FDC007-7028-4542-AB64-78842C9AE5FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D79FB11B-0BA2-4AF2-B5C9-9892BB1806DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC14E9C7-985D-451A-A3A7-A2955EDF5E39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA7478B0-32AA-4A9B-87FD-F281FCF11698\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C673A682-19BF-4693-ACF6-0421816360F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E821FCD3-5498-435B-9FB9-27204C7FAD79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9986CD-5A19-4A9F-B9C5-071F10D75ACC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B743F6-C590-41E2-9606-0AF2F1E6074B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EC89726-C978-4B17-A29C-FB9A27077965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AF3CC54-5821-4B01-8410-E3153B8FB9C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31AC80E2-094F-4BEC-B42C-7612FC1669A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8BCFB35-65DA-4355-8671-B89D63F33E15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAAFD5D0-F4B7-46B3-9C53-119C08DE10E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3F8B84E-A479-40E8-849F-C2A1A0EB2F8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B63D03E-5F8A-401F-B7BE-371D45C44AB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BDA4C98-2B93-4BB2-BD15-A10207C45B8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFD273E0-FE78-4549-A33F-30784ABDD59B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09C03F49-9E03-4F51-BB57-375E95EA1932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"822E0ACC-020A-4095-940E-927E32069921\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20BD2C29-0348-4A9E-AD3F-50A89E302DBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65352BA8-8AF0-45F7-9908-D8A9B3E4EC1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BFE7D65-C4F8-4B93-879C-0AD4681DD04B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4635540B-E16C-4C9C-9624-BF4DF5F9F566\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en la funci\\u00f3n _list_file_get en lib/Majordomo.pm en Majordomo v2 anterior a v20110131 permite a atacantes remotos leer ficheros arbitrarios mediante secuencias .. (punto punto) en el comando help, como se ha demostrado usando (1) un correo electr\\u00f3nico manipulado y  (2) cgi-bin/mj_wwwusr en la interfaz web.\"}]",
      "id": "CVE-2011-0049",
      "lastModified": "2024-11-21T01:23:12.000",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-02-04T01:00:07.400",
      "references": "[{\"url\": \"http://osvdb.org/70762\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/43125\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8061\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.exploit-db.com/exploits/16103\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/363726\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/516150/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/46127\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1025024\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0288\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=628064\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/65113\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://sitewat.ch/en/Advisory/View/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"URL Repurposed\"]}, {\"url\": \"http://osvdb.org/70762\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43125\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/16103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/363726\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/516150/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46127\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1025024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=628064\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/65113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://sitewat.ch/en/Advisory/View/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"URL Repurposed\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0049\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-02-04T01:00:07.400\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la funci\u00f3n _list_file_get en lib/Majordomo.pm en Majordomo v2 anterior a v20110131 permite a atacantes remotos leer ficheros arbitrarios mediante secuencias .. (punto punto) en el comando help, como se ha demostrado usando (1) un correo electr\u00f3nico manipulado y  (2) cgi-bin/mj_wwwusr en la interfaz web.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20110130\",\"matchCriteriaId\":\"17911370-2B86-44EB-9523-A4B4C3EBC823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FED67E3F-2F5F-4159-97C9-1A575134B42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0459E83A-41BF-4994-B016-2F8755BC6D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07ED0C1-7112-4E88-98A9-9E27F4571005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11880F03-0C14-4266-8DE1-C99235073B23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22CC04CF-1D44-43CA-BFEE-307478E50F97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B277451A-5A3C-4874-BB33-DD4DF41BC4CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36FDC007-7028-4542-AB64-78842C9AE5FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D79FB11B-0BA2-4AF2-B5C9-9892BB1806DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC14E9C7-985D-451A-A3A7-A2955EDF5E39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7478B0-32AA-4A9B-87FD-F281FCF11698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C673A682-19BF-4693-ACF6-0421816360F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E821FCD3-5498-435B-9FB9-27204C7FAD79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9986CD-5A19-4A9F-B9C5-071F10D75ACC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B743F6-C590-41E2-9606-0AF2F1E6074B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EC89726-C978-4B17-A29C-FB9A27077965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AF3CC54-5821-4B01-8410-E3153B8FB9C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AC80E2-094F-4BEC-B42C-7612FC1669A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8BCFB35-65DA-4355-8671-B89D63F33E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAFD5D0-F4B7-46B3-9C53-119C08DE10E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F8B84E-A479-40E8-849F-C2A1A0EB2F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B63D03E-5F8A-401F-B7BE-371D45C44AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BDA4C98-2B93-4BB2-BD15-A10207C45B8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFD273E0-FE78-4549-A33F-30784ABDD59B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C03F49-9E03-4F51-BB57-375E95EA1932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"822E0ACC-020A-4095-940E-927E32069921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20BD2C29-0348-4A9E-AD3F-50A89E302DBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65352BA8-8AF0-45F7-9908-D8A9B3E4EC1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BFE7D65-C4F8-4B93-879C-0AD4681DD04B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4635540B-E16C-4C9C-9624-BF4DF5F9F566\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/70762\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43125\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8061\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/16103\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/363726\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516150/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/46127\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1025024\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0288\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=628064\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65113\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://sitewat.ch/en/Advisory/View/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"URL Repurposed\"]},{\"url\":\"http://osvdb.org/70762\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/16103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/363726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516150/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1025024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=628064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://sitewat.ch/en/Advisory/View/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"URL Repurposed\"]}]}}"
  }
}

GHSA-59MR-6PW8-2C97

Vulnerability from github – Published: 2022-05-03 03:25 – Updated: 2022-05-03 03:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-04T01:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.",
  "id": "GHSA-59mr-6pw8-2c97",
  "modified": "2022-05-03T03:25:30Z",
  "published": "2022-05-03T03:25:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0049"
    },
    {
      "type": "WEB",
      "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
    },
    {
      "type": "WEB",
      "url": "https://sitewat.ch/en/Advisory/View/1"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70762"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43125"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8061"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/16103"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/363726"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46127"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025024"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0288"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-057

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Majordomo 2 permet à un utilisateur malveillant d'obtenir des informations sensibles sur le serveur.

Description

Majordomo 2 est un gestionnaire de listes de diffusion.

Une vulnérabilité dans le traitement de certaines requêtes, par l'interface web comme par l'interface mèl, permet à un utilisateur malveillant de lire indûment des fichiers sur le serveur.

Solution

Les versions de Majordomo 2 à partir du 30 janvier 2011 remédient à cette vulnérabilité.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Majordomo 2 antérieur au 30 janvier 2011.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de vulnérabilité de l'US-CERT VU#363726 du 04 février 2011	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#363726 du 04 février 2011 :	-	other
Site de téléchargement de Majordomo :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMajordomo 2 ant\u00e9rieur au 30 janvier  2011.\u003c/p\u003e",
  "content": "## Description\n\nMajordomo 2 est un gestionnaire de listes de diffusion.\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement de certaines requ\u00eates, par\nl\u0027interface web comme par l\u0027interface m\u00e8l, permet \u00e0 un utilisateur\nmalveillant de lire ind\u00fbment des fichiers sur le serveur.\n\n## Solution\n\nLes versions de Majordomo 2 \u00e0 partir du 30 janvier 2011 rem\u00e9dient \u00e0\ncette vuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0049"
    }
  ],
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#363726 du 04 f\u00e9vrier    2011 :",
      "url": "http://www.kb.cert.org/vuls/id/363726"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement de Majordomo :",
      "url": "http://ftp.mj2.org/pub/mj2/snapshots/2011-02/"
    }
  ],
  "reference": "CERTA-2011-AVI-057",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Majordomo 2 permet \u00e0 un utilisateur malveillant\nd\u0027obtenir des informations sensibles sur le serveur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Majordomo 2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#363726 du 04 f\u00e9vrier 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-057

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Majordomo 2 permet à un utilisateur malveillant d'obtenir des informations sensibles sur le serveur.

Description

Majordomo 2 est un gestionnaire de listes de diffusion.

Une vulnérabilité dans le traitement de certaines requêtes, par l'interface web comme par l'interface mèl, permet à un utilisateur malveillant de lire indûment des fichiers sur le serveur.

Solution

Les versions de Majordomo 2 à partir du 30 janvier 2011 remédient à cette vulnérabilité.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Majordomo 2 antérieur au 30 janvier 2011.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de vulnérabilité de l'US-CERT VU#363726 du 04 février 2011	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#363726 du 04 février 2011 :	-	other
Site de téléchargement de Majordomo :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMajordomo 2 ant\u00e9rieur au 30 janvier  2011.\u003c/p\u003e",
  "content": "## Description\n\nMajordomo 2 est un gestionnaire de listes de diffusion.\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement de certaines requ\u00eates, par\nl\u0027interface web comme par l\u0027interface m\u00e8l, permet \u00e0 un utilisateur\nmalveillant de lire ind\u00fbment des fichiers sur le serveur.\n\n## Solution\n\nLes versions de Majordomo 2 \u00e0 partir du 30 janvier 2011 rem\u00e9dient \u00e0\ncette vuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0049"
    }
  ],
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#363726 du 04 f\u00e9vrier    2011 :",
      "url": "http://www.kb.cert.org/vuls/id/363726"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement de Majordomo :",
      "url": "http://ftp.mj2.org/pub/mj2/snapshots/2011-02/"
    }
  ],
  "reference": "CERTA-2011-AVI-057",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Majordomo 2 permet \u00e0 un utilisateur malveillant\nd\u0027obtenir des informations sensibles sur le serveur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Majordomo 2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#363726 du 04 f\u00e9vrier 2011",
      "url": null
    }
  ]
}

GSD-2011-0049

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0049

Aliases

CVE-2011-0049

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0049",
    "description": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.",
    "id": "GSD-2011-0049",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-0049.html",
      "https://packetstormsecurity.com/files/cve/CVE-2011-0049"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0049"
      ],
      "details": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.",
      "id": "GSD-2011-0049",
      "modified": "2023-12-13T01:19:04.350321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-0049",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0288",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0288"
          },
          {
            "name": "VU#363726",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/363726"
          },
          {
            "name": "46127",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46127"
          },
          {
            "name": "https://sitewat.ch/en/Advisory/View/1",
            "refsource": "MISC",
            "url": "https://sitewat.ch/en/Advisory/View/1"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
          },
          {
            "name": "43125",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43125"
          },
          {
            "name": "majordomo-listfile-directory-traversal(65113)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
          },
          {
            "name": "1025024",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025024"
          },
          {
            "name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
          },
          {
            "name": "16103",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/16103"
          },
          {
            "name": "8061",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8061"
          },
          {
            "name": "70762",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/70762"
          },
          {
            "name": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481",
            "refsource": "MISC",
            "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20110130",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0049"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
            },
            {
              "name": "43125",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43125"
            },
            {
              "name": "https://sitewat.ch/en/Advisory/View/1",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://sitewat.ch/en/Advisory/View/1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
            },
            {
              "name": "46127",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/46127"
            },
            {
              "name": "VU#363726",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/363726"
            },
            {
              "name": "ADV-2011-0288",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0288"
            },
            {
              "name": "1025024",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025024"
            },
            {
              "name": "70762",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/70762"
            },
            {
              "name": "8061",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8061"
            },
            {
              "name": "16103",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/16103"
            },
            {
              "name": "majordomo-listfile-directory-traversal(65113)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
            },
            {
              "name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T20:09Z",
      "publishedDate": "2011-02-04T01:00Z"
    }
  }
}

FKIE_CVE-2011-0049

Vulnerability from fkie_nvd - Published: 2011-02-04 01:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/70762
cve@mitre.org	http://secunia.com/advisories/43125	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/8061
cve@mitre.org	http://www.exploit-db.com/exploits/16103
cve@mitre.org	http://www.kb.cert.org/vuls/id/363726	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/516150/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/46127	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1025024
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0288
cve@mitre.org	https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481	Patch
cve@mitre.org	https://bugzilla.mozilla.org/show_bug.cgi?id=628064	Exploit, Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
cve@mitre.org	https://sitewat.ch/en/Advisory/View/1	Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70762
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43125	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8061
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/16103
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/363726	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516150/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46127	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025024
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0288
af854a3a-2127-422b-91ae-364da2661108	https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=628064	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
af854a3a-2127-422b-91ae-364da2661108	https://sitewat.ch/en/Advisory/View/1	Exploit, URL Repurposed

Impacted products

Vendor	Product	Version
mj2	majordomo_2	*
mj2	majordomo_2	20110101
mj2	majordomo_2	20110102
mj2	majordomo_2	20110103
mj2	majordomo_2	20110104
mj2	majordomo_2	20110105
mj2	majordomo_2	20110106
mj2	majordomo_2	20110107
mj2	majordomo_2	20110108
mj2	majordomo_2	20110109
mj2	majordomo_2	20110110
mj2	majordomo_2	20110111
mj2	majordomo_2	20110112
mj2	majordomo_2	20110113
mj2	majordomo_2	20110114
mj2	majordomo_2	20110115
mj2	majordomo_2	20110116
mj2	majordomo_2	20110117
mj2	majordomo_2	20110118
mj2	majordomo_2	20110119
mj2	majordomo_2	20110120
mj2	majordomo_2	20110121
mj2	majordomo_2	20110122
mj2	majordomo_2	20110123
mj2	majordomo_2	20110124
mj2	majordomo_2	20110125
mj2	majordomo_2	20110126
mj2	majordomo_2	20110127
mj2	majordomo_2	20110128
mj2	majordomo_2	20110129

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17911370-2B86-44EB-9523-A4B4C3EBC823",
              "versionEndIncluding": "20110130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED67E3F-2F5F-4159-97C9-1A575134B42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*",
              "matchCriteriaId": "0459E83A-41BF-4994-B016-2F8755BC6D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07ED0C1-7112-4E88-98A9-9E27F4571005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*",
              "matchCriteriaId": "11880F03-0C14-4266-8DE1-C99235073B23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*",
              "matchCriteriaId": "22CC04CF-1D44-43CA-BFEE-307478E50F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*",
              "matchCriteriaId": "B277451A-5A3C-4874-BB33-DD4DF41BC4CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FDC007-7028-4542-AB64-78842C9AE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*",
              "matchCriteriaId": "D79FB11B-0BA2-4AF2-B5C9-9892BB1806DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC14E9C7-985D-451A-A3A7-A2955EDF5E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7478B0-32AA-4A9B-87FD-F281FCF11698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*",
              "matchCriteriaId": "C673A682-19BF-4693-ACF6-0421816360F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*",
              "matchCriteriaId": "E821FCD3-5498-435B-9FB9-27204C7FAD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9986CD-5A19-4A9F-B9C5-071F10D75ACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B743F6-C590-41E2-9606-0AF2F1E6074B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC89726-C978-4B17-A29C-FB9A27077965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF3CC54-5821-4B01-8410-E3153B8FB9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*",
              "matchCriteriaId": "31AC80E2-094F-4BEC-B42C-7612FC1669A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BCFB35-65DA-4355-8671-B89D63F33E15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAFD5D0-F4B7-46B3-9C53-119C08DE10E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F8B84E-A479-40E8-849F-C2A1A0EB2F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B63D03E-5F8A-401F-B7BE-371D45C44AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDA4C98-2B93-4BB2-BD15-A10207C45B8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFD273E0-FE78-4549-A33F-30784ABDD59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C03F49-9E03-4F51-BB57-375E95EA1932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*",
              "matchCriteriaId": "822E0ACC-020A-4095-940E-927E32069921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*",
              "matchCriteriaId": "20BD2C29-0348-4A9E-AD3F-50A89E302DBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*",
              "matchCriteriaId": "65352BA8-8AF0-45F7-9908-D8A9B3E4EC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BFE7D65-C4F8-4B93-879C-0AD4681DD04B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*",
              "matchCriteriaId": "4635540B-E16C-4C9C-9624-BF4DF5F9F566",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n _list_file_get en lib/Majordomo.pm en Majordomo v2 anterior a v20110131 permite a atacantes remotos leer ficheros arbitrarios mediante secuencias .. (punto punto) en el comando help, como se ha demostrado usando (1) un correo electr\u00f3nico manipulado y  (2) cgi-bin/mj_wwwusr en la interfaz web."
    }
  ],
  "id": "CVE-2011-0049",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-04T01:00:07.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70762"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43125"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/16103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/363726"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/46127"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025024"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0288"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisory/View/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/16103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/363726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/46127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisory/View/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0049 (GCVE-0-2011-0049)

GHSA-59MR-6PW8-2C97

CERTA-2011-AVI-057

Description

Solution

CERTA-2011-AVI-057

Description

Solution

GSD-2011-0049

FKIE_CVE-2011-0049

Tags

Sightings

Nomenclature