CVE-2010-3095 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
mailscanner	mailscanner	𝑥 < 4.79.11-2.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mailscanner

hardy	ignored
lucid	ignored
maverick	ignored
natty	not-affected
oneiric	dne
precise	dne
quantal	dne
raring	dne
saucy	dne

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://access.redhat.com/security/cve/cve-2010-3095

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

https://security-tracker.debian.org/tracker/CVE-2010-3095

https://www.openwall.com/lists/oss-security/2010/09/13/9

https://access.redhat.com/security/cve/cve-2010-3095

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

https://security-tracker.debian.org/tracker/CVE-2010-3095

https://www.openwall.com/lists/oss-security/2010/09/13/9