CVE-2002-1385

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation: -
Automatable: -
Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2002-12-19 CVE Reserved
  • 2002-12-26 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor        Product       Version  Other  Status
Open Webmail  Open Webmail  1.7      -      Affected
Open Webmail  Open Webmail  1.8      -      Affected
Open Webmail  Open Webmail  1.71     -      Affected
Open Webmail  Open Webmail  1.81     -      Affected