Cobalt Qube Directory Traversal Vulnerability


Vulnerability ID: 1106423
Vulnerability type: Path traversal
Published: 2001-07-05
Updated: 2001-07-05
CVE ID: CVE-2001-1408
CNNVD-ID: CNNVD-200107-056
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20995
https://www.securityfocus.com/bid/89625
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-056
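|Vulnerability details
readmsg.php in WebMail 2.0.1 on Cobalt Qube 3 contains a directory traversal vulnerability. A remote attacker can read arbitrary files by placing .. (dot dot) sequences in the mailbox parameter.
|Exploit (EXP)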
source: http://www.securityfocus.com/bid/2987/info

Cobalt Qube is a fully-featured network "server appliance".
It includes pre-installed tools and applications and can be put online with very little configuration.

A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host. 

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
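
A detection sketch for the request pattern above, added here as an example and not part of the original advisory or of any Cobalt code: it scans web access logs for readmsg.php requests whose mailbox parameter contains a `..` path segment, including percent-encoded and double-encoded forms. The log lines are constructed samples and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format), not from a real host.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2001:10:00:01 +0000] "GET /base/webmail/readmsg.php?mailbox=INBOX&id=1 HTTP/1.0" 200 2311
192.0.2.44 - - [05/Jul/2001:10:02:17 +0000] "GET /base/webmail/readmsg.php?mailbox=../../../../etc/passwd&id=1 HTTP/1.0" 200 1187
192.0.2.44 - - [05/Jul/2001:10:02:30 +0000] "GET /base/webmail/readmsg.php?mailbox=%2e%2e%2f%2e%2e%2fetc%2fpasswd&id=1 HTTP/1.0" 200 1187
192.0.2.44 - - [05/Jul/2001:10:02:41 +0000] "GET /base/webmail/readmsg.php?mailbox=%252e%252e%252fetc&id=1 HTTP/1.0" 404 210
192.0.2.10 - - [05/Jul/2001:10:05:00 +0000] "GET /base/webmail/readmsg.php?mailbox=Sent..Items&id=4 HTTP/1.0" 200 900
"""

# client address, request target, response status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(mailbox):
    """True when any path segment is exactly '..' after decoding."""
    segments = re.split(r"[/\\]", fully_decode(mailbox))
    return ".." in segments


def find_traversal_requests(log_text):
    """Return (client, status, decoded mailbox) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/readmsg.php"):
            continue
        for mailbox in parse_qs(url.query).get("mailbox", []):
            if is_traversal(mailbox):
                hits.append((client, int(status), fully_decode(mailbox)))
    return hits
```

Hits answered with status 200 deserve priority review, since the server returned content for a mailbox value that resolved outside the mail directory.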
|Affected products
Cobalt Webmail 2.0.1

Cobalt Qube 3.0

|References

Source: XF
Name: cobalt-qube-directory-traversal(6805)
Link: http://xforce.iss.net/static/6805.php
Source: BUGTRAQ
Name: 20010818 Cobalt update for my Webmail issue.
Link: http://archives.neohapsis.com/archives/bugtraq/2001-08/0245.html
Source: BUGTRAQ
Name: 20010705 Cobalt Cube Webmail directory traversal
Link: http://archives.neohapsis.com/archives/bugtraq/2001-07/0092.html
