Vendor: Mailreader.com
By: SecurityFocus
CVSS: 7.5 (HIGH)
Arbitrary File Disclosure
CWE: 22
Product Name: Mailreader.com
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Mailreader.com Arbitrary File Disclosure Vulnerability
A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver-readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash (../) directory traversal sequences. The request must be for a known resource, and the requested file name must be followed by a null byte (%00).
Mitigation:
Ensure that web requests are properly sanitized and validated to prevent directory traversal attacks.
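
One way to implement the validation described in the mitigation, shown as an added example in Python (it is not Mailreader.com's code and not part of the original advisory). The function names, the `templates` directory and the sample request values are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class UnsafePath(ValueError):
    """Raised when a requested file name must not be served."""


def resolve_request(base_dir, raw_param):
    """Map a raw, still percent-encoded parameter to a path under base_dir."""
    name = unquote(raw_param)
    # A NUL byte can make the low-level open() see a shorter name than the
    # one the application checked, so it is rejected outright.
    if "\x00" in name:
        raise UnsafePath("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks, so the
    # comparison is made on the path that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path escapes base directory")
    return candidate


def check(base_dir, raw_param):
    """Return 'allowed' or 'rejected: <reason>' for one request value."""
    try:
        resolve_request(base_dir, raw_param)
        return "allowed"
    except UnsafePath as exc:
        return f"rejected: {exc}"


def demo():
    """Run the check over constructed sample request values."""
    samples = [
        "help.html",                 # ordinary request
        "sub/../help.html",          # stays inside the base directory
        "../../secret.txt%00.html",  # traversal plus encoded NUL byte
        "..%2f..%2fsecret.txt",      # percent-encoded traversal
        "/abs/other.txt",            # absolute path
    ]
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")
        os.mkdir(base)
        return {s: check(base, s) for s in samples}


if __name__ == "__main__":
    for value, verdict in demo().items():
        print(f"{value!r:32} {verdict}")
```

The check decodes the parameter once and validates the decoded value; the same decoded, resolved path must then be the one passed to the file open call, otherwise a later decode step reintroduces the problem.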