CVE-2002-1711
Published 2002-12-31
CVE-2002-1711: BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
Priority: P45 · low · 2.1 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.35% (26.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basilix | basilix_webmail | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
CWE-276: Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Phase: Installation
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.
Detection Methods:
Automated Static Analysis - Binary or Bytecode: According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Inter-application Flow Analysis (Effectiveness: SOAR Partial)
Manual Static Analysis - Binary or Bytecode: According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Binary / Bytecode disassemble
CWE
mitre_cwe·CVSS 2.1
CVE-2002-1976 [LOW] CWE-439 Behavioral Change in New Version or Environment
CWE-439: Behavioral Change in New Version or Environment
A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Other. Impact: Quality Degradation, Varies by Context.
Observed Examples:
CVE-2002-1976: Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).
CVE-2005-1711: Product uses defunct method from another product that does not return an error code and allows detection avoidance.
CVE-2003-0411: chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
http://online.securityfocus.com/archive/1/277710
http://www.securityfocus.com/bid/5065
https://exchange.xforce.ibmcloud.com/vulnerabilities/9387