Vulnerability Note VU#363726
Majordomo 2 _list_file_get() directory traversal vulnerability
Majordomo 2 contains a directory traversal vulnerability in the _list_file_get()function, which may allow a remote, unauthenticated attacker to obtain sensitive information.
Majordomo 2 contains a directory traversal vulnerability in the _list_file_get()function (lib/Majordomo.pm) caused by an input validation error when handling files. An attacker can exploit this vulnerability via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web).
Additional information regarding this vulnerability can be found in this Sitewatch Advisory.
A remote unauthenticated attacker could obtain sensitive information.
Vendor Information (Learn More)
The vulnerability is reported in snapshots prior to 20110204.
|Vendor||Status||Date Notified||Date Updated|
|Majordomo 2||Affected||-||04 Feb 2011|
CVSS Metrics (Learn More)
This vulnerability was reported by Michael Brooks.
This document was written by Michael Orlando.
- CVE IDs: CVE-2011-0049
- Date Public: 04 Feb 2011
- Date First Published: 04 Feb 2011
- Date Last Updated: 28 Mar 2011
- Severity Metric: 25.20
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.