Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=100626603407639&w=2 | Third Party Advisory |
http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7576 | Third Party Advisory VDB Entry |
Configurations
History
26 Jan 2024, 20:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
References | (CONFIRM) http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz - Broken Link, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/7576 - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=100626603407639&w=2 - Third Party Advisory |
Information
Published : 2001-11-19 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2001-0901
Mitre link : CVE-2001-0901
CVE.ORG link : CVE-2001-0901
JSON object : View
Products Affected
hypermail_development
- hypermail
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type