| Vulnerability Name: | CVE-2001-0677 (CCN-6431) | ||||||||
| Assigned: | 2001-04-18 | ||||||||
| Published: | 2001-04-18 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Apr 17 2001 - 23:23:56 CDT Eudora file leakage problem (still) Source: MITRE Type: CNA CVE-2001-0677 Source: OSVDB Type: UNKNOWN 3085 Source: CCN Type: OSVDB ID: 3085 Eudora Crafted Attachment Converted MIME Header Remote File Disclosure Source: BUGTRAQ Type: Exploit, Vendor Advisory 20010418 Eudora file leakage problem (still) Source: BID Type: UNKNOWN 2616 Source: CCN Type: BID-2616 Qualcomm Eudora File Attachment Vulnerability Source: XF Type: UNKNOWN eudora-plain-text-attachment(6431) Source: XF Type: UNKNOWN eudora-plain-text-attachment(6431) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||