CVE-2002-1385

Published: Dec 26, 2002Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

Affected (4)

Products: Open Webmail: Open Webmail

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Open Webmail Open Webmail	Version 1.71
Open Webmail Open Webmail	Version 1.7
Open Webmail Open Webmail	Version 1.81
Open Webmail Open Webmail	Version 1.8

References (10)

http://marc.info/?l=bugtraq&m=104031696120743&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104032263328026&w=2

Source: cve@mitre.org

http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/6425

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/10904

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104031696120743&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104032263328026&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/6425

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/10904

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.