CVE-2007-3172 : Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the ex

Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter.

Published 2007-06-11 22:30:00

Updated 2017-07-29 01:32:02

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2007-3172

Probability of exploitation activity in the next 30 days: 0.36%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3172

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2007-3172

Products affected by CVE-2007-3172

Uebimiau » Uebimiau » Version: 2.7.9
cpe:2.3:a:uebimiau:uebimiau:2.7.9:*:*:*:*:*:*:*
Matching versions
Uebimiau » Uebimiau » Version: 2.7.10
cpe:2.3:a:uebimiau:uebimiau:2.7.10:*:*:*:*:*:*:*
Matching versions
Uebimiau » Uebimiau » Version: 2.7.2
cpe:2.3:a:uebimiau:uebimiau:2.7.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-3172

Exploit prediction scoring system (EPSS) score for CVE-2007-3172

CVSS scores for CVE-2007-3172

References for CVE-2007-3172

Products affected by CVE-2007-3172