CVE-2008-5301
Published Dec 1, 2008
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of dovecot as shipped with Red Hat Enterprise Linux 4, or 5. Those packages do not include ManageSieve server.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dovecot:dovecot:0.99.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0616CCF-D278-4B6D-A58B-393BCA128CF1"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:0.99.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3C7BE64-7C1E-4043-A1C5-D0A7377C01A7"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4240BD98-3C31-42CE-AF8F-045DD4BFC084"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C05ACA0-ED87-4DDF-94B6-8D25BE1790F1"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A8C0C4A-F9DB-4BB7-BFC5-BEC22C3FE40B"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7E00B56-A1E5-4261-8349-37654AA9FB64"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E66427AA-A9D4-413F-8354-EA61407307C1"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D74BE6C7-114D-4885-8472-FFE71C817B8A"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A349510-4D00-4978-93D9-3F9F5E0CD8DE"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B65B9EFD-1531-463C-992E-F0F16AABF9C3"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34BA7146-5793-44F4-9569-9D868FE6E325"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5078363-6B42-491B-A219-F8D8A86132BF"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1DDF093-B5C7-4AE5-B3D6-466C543AB2BF"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8BE860F-A3C2-43E0-BC75-503C437DAADD"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E6F249C-2793-46B5-A9E2-5EB3A62FF8E4"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4E57B06-8650-4374-B643-6FCBE3ABDAF5"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0384E42-1506-4C08-AA5A-18B2A711C7F0"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5DC1CE5-50B9-426E-B98A-224DC499AB15"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "350A26D6-A8BA-4125-A640-264E08D28CB0"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71057F4B-3040-4771-B989-9F3453934AAA"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1730EBB1-4071-4A23-B770-D564AF422273"
}
],
"operator": "OR"
}
]
}
]