Описание
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-3201
- https://access.redhat.com/errata/RHSA-2013:0516
- https://access.redhat.com/security/cve/CVE-2011-3201
- https://bugzilla.gnome.org/show_bug.cgi?id=657374
- https://bugzilla.redhat.com/show_bug.cgi?id=733504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82450
- https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56
- https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3
- http://rhn.redhat.com/errata/RHSA-2013-0516.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Связанные уязвимости
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...
ELSA-2013-0516: evolution security and bug fix update (LOW)