CVE-2002-0418
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/08/2002
Last modified:
03/04/2025
Description
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:endymion:sake_mail:1.0.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.21:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.23:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.24:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.26:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.27:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.28:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.29:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.31:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.33:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.34:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.35:*:*:*:*:*:*:* | ||
| cpe:2.3:a:endymion:sake_mail:1.0.36:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page