Vulnerability Details : CVE-2011-0063
Public exploit exists!
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2011-0063
Probability of exploitation activity in the next 30 days: 3.98%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-0063
-
Majordomo2 _list_file_get() Directory Traversal
Disclosure Date: 2011-03-08First seen: 2020-04-26auxiliary/scanner/http/majordomo2_directory_traversalThis module exploits a directory traversal vulnerability present in the _list_file_get() function of Majordomo2 (help function). By default, this module will attempt to download the Majordomo config.pl file. Authors: - Nikolas Sotiriu
CVSS scores for CVE-2011-0063
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0063
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0063
-
http://sotiriu.de/adv/NSOADV-2011-003.txt
Exploit
-
http://securityreason.com/securityalert/8133
Majordomo2 help Command Directory Traversal (Patch Bypass) - CXSecurity.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66011
Majordomo _list_file_get() directory traversal CVE-2011-0063 Vulnerability Report
-
http://www.securityfocus.com/archive/1/516923/100/0/threaded
SecurityFocus
-
https://bugzilla.mozilla.org/show_bug.cgi?id=631307
631307 - (CVE-2011-0063) Possible to bypass fix for CVE-2011-0049 (majordomo2 directory traversal in 'help' command)Exploit;Patch
Products affected by CVE-2011-0063
- cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110130:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110201:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110202:*:*:*:*:*:*:*
- cpe:2.3:a:mj2:majordomo_2:20110131:*:*:*:*:*:*:*