IlohaMail Arbitrary File Access Via Language Variable Network Vulnerability

Summary

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user.

Solution

Upgrade to IlohaMail version 0.7.11 or later.

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mailman private.py Directory Traversal Vulnerability
WebLogic Server /%00/ bug
Quick Tftp Server Pro Directory Traversal Vulnerability
Simple PHP Blog dir traversal
Use LDAP search request to retrieve information from NT Directory Services

IlohaMail Arbitrary File Access via Language Variable

Take action and discover your vulnerabilities