CVE-2001-0901

Name
CVE-2001-0901
Description
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory http://marc.info/?l=bugtraq&m=100626603407639&w=2
Broken Link http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/7576

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:hypermail_development:hypermail:*:*:*:*:*:*:*:* hypermail == None == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
hypermail edge-main 2.4.0-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail edge-main 2.4.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.23-main 2.4.0-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.22-main 2.4.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.21-main 2.4.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.20-main 2.4.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.19-main 2.4.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.18-main 2.4.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
hypermail 3.17-main 2.3.0-r6 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable