CVE-2011-3201

Опубликовано: 08 мар. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

Ссылки

http://rhn.redhat.com/errata/RHSA-2013-0516.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=657374
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=733504
Issue Tracking
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82450
https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56
Patch
Vendor Advisory
https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3
Patch
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0516.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=657374
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=733504
Issue Tracking
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82450
https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56
Patch
Vendor Advisory
https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*

Версия до 3.0.3 (включая)

cpe:2.3:a:gnome:evolution:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:1.11:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.10.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.12:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.12.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.22.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.24:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.24.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.26.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.26.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.28.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.30.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:2.32.3:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00808

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2011-3201

ubuntu

больше 12 лет назад

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

CVE-2011-3201

redhat

почти 14 лет назад

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

CVE-2011-3201

debian

больше 12 лет назад

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...

GHSA-vj43-93vc-r5g8

github

больше 3 лет назад

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

ELSA-2013-0516

oracle-oval

больше 12 лет назад

ELSA-2013-0516: evolution security and bug fix update (LOW)

EPSS

Процентиль: 73%

0.00808

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200