CVE-2004-1715
First published: Wed Aug 11 2004(Updated: )
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Clearswift MIMEsweeper for Web | =4.0 | |
| Clearswift MIMEsweeper for Web | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1715?
CVE-2004-1715 is categorized as a medium severity vulnerability due to its potential for unauthorized file access.
How do I fix CVE-2004-1715?
To fix CVE-2004-1715, upgrade MIMEsweeper for Web to version 5.0.4 or later, which addresses this vulnerability.
Who is affected by CVE-2004-1715?
CVE-2004-1715 affects users of Clearswift MIMEsweeper for Web versions 4.0 and 5.0.1.
What are the exploit techniques for CVE-2004-1715?
CVE-2004-1715 can be exploited using directory traversal sequences such as '..\' in the URL to access restricted files.
What types of files can be accessed through CVE-2004-1715?
An attacker exploiting CVE-2004-1715 may read arbitrary files on the server that the application has permissions to access.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/clearswift
- canonical/clearswift mimesweeper for web
- version/clearswift mimesweeper for web/4.0
- version/clearswift mimesweeper for web/5.0.1