Majordomo2 Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running Majordomo2 and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Solution

Upgrade to Majordomo2 Build 20110204 or later. For updates refer to http://www.mj2.org/

Insight

The flaw is caused by improper validation of user-supplied input via the 'help' parameter in 'mj_wwwusr', which allows attacker to read arbitrary files via directory traversal attacks.

Affected

Majordomo2 Build 20110203 and prior

References

http://www.exploit-db.com/exploits/16103/
https://bugzilla.mozilla.org/show_bug.cgi?id=628064
https://sitewat.ch/en/Advisory/View/1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0049, CVE-2011-0063

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AlienForm CGI script
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apple Safari Multiple Vulnerabilities
Apache Tomcat TroubleShooter Servlet Installed
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities