CVE-2001-0901

Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:hypermail_development:hypermail:*:*:*:*:*:*:*:*

History

26 Jan 2024, 20:01

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-434
References (CONFIRM) http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz - Vendor Advisory (CONFIRM) http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz - Broken Link, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/7576 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/7576 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=100626603407639&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=100626603407639&w=2 - Third Party Advisory

Information

Published : 2001-11-19 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2001-0901

Mitre link : CVE-2001-0901

CVE.ORG link : CVE-2001-0901


JSON object : View

Products Affected

hypermail_development

  • hypermail
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type