CVE-2002-0418

Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.

Published: Aug 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0418
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
endymion / sake_mail	1.0.33	1.0.33.x
endymion / sake_mail	1.0.24	1.0.24.x
endymion / sake_mail	1.0.21	1.0.21.x
endymion / sake_mail	1.0.23	1.0.23.x
endymion / sake_mail	1.0.22	1.0.22.x
endymion / sake_mail	1.0.31	1.0.31.x
endymion / sake_mail	1.0.29	1.0.29.x
endymion / sake_mail	1.0.26	1.0.26.x
endymion / sake_mail	1.0.27	1.0.27.x
endymion / sake_mail	1.0.34	1.0.34.x
endymion / sake_mail	1.0.28	1.0.28.x
endymion / sake_mail	1.0.36	1.0.36.x
endymion / sake_mail	1.0.30	1.0.30.x
endymion / sake_mail	1.0.20	1.0.20.x
endymion / sake_mail	1.0.35	1.0.35.x

Vulnerability Database

CVE-2002-0418