Описание
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | code not present |
| devel | not-affected | 1:1.1.11-0ubuntu2 |
| gutsy | not-affected | code not present |
| hardy | not-affected | code not present |
| intrepid | released | 1:1.1.4-0ubuntu1.3 |
| jaunty | not-affected | 1:1.1.11-0ubuntu2 |
| upstream | needs-triage |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Directory traversal vulnerability in the ManageSieve implementation in ...
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
EPSS
6.4 Medium
CVSS2