Vulnerability Details : CVE-2011-0049
Public exploit exists!
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2011-0049
Probability of exploitation activity in the next 30 days: 88.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-0049
-
Majordomo2 _list_file_get() Directory Traversal
Disclosure Date: 2011-03-08First seen: 2020-04-26auxiliary/scanner/http/majordomo2_directory_traversalThis module exploits a directory traversal vulnerability present in the _list_file_get() function of Majordomo2 (help function). By default, this module will attempt to download the Majordomo config.pl file. Authors: - Nikolas Sotiriu
CVSS scores for CVE-2011-0049
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0049
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0049
-
https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481
628064 - (CVE-2011-0049) Directory traversal in majordomo2's 'help' commandPatch
-
http://www.securitytracker.com/id?1025024
Majordomo 2 Directory Traversal Flaw Discloses Arbitrary Files to Remote Users - SecurityTracker
-
http://www.vupen.com/english/advisories/2011/0288
Webmail | OVH- OVH
-
http://www.kb.cert.org/vuls/id/363726
VU#363726 - Majordomo 2 _list_file_get() directory traversal vulnerabilityUS Government Resource
-
http://securityreason.com/securityalert/8061
Majordomo2 - Directory Traversal (SMTP/HTTP) - CXSecurity.com
-
http://www.exploit-db.com/exploits/16103
Majordomo2 - 'SMTP/HTTP' Directory Traversal - Multiple remote Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
Majordomo _list_file_get() directory traversal CVE-2011-0049 Vulnerability Report
-
https://sitewat.ch/en/Advisory/View/1
Exploit
-
http://www.securityfocus.com/archive/1/516150/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/46127
Majordomo 2 'help' Command Directory Traversal VulnerabilityExploit
-
https://bugzilla.mozilla.org/show_bug.cgi?id=628064
628064 - (CVE-2011-0049) Directory traversal in majordomo2's 'help' commandExploit;Patch
Products affected by CVE-2011-0049
- cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*