CVE-2012-4940
published 2012-10-31CVE-2012-4940: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary…
PriorityP273medium6.4CVSS 2.0
AVNACLAuNCPIPAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
83.63%
99.7th percentile
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect directory traversal attempts targeting the fileName parameter in requests to the Axigen WebAdmin log viewer. Look for '..\' sequences in the fileName parameter on both the default URI (page=vlf) and /source/loggin/page_log_dwn_file.hsp. ↗
- →Successful exploitation of the file read path will return Windows win.ini content; match response body for the strings 'bit app support', 'fonts', and 'extensions' together as a confirmation of arbitrary file read. ↗
- →The vulnerability is exploitable without authentication (Au:N) and is known to work on Windows platforms where the process runs with SYSTEM privileges, making file reads of sensitive OS files (e.g., win.ini) a reliable indicator. ↗
- ·Exploitation has been confirmed on Windows platforms (Axigen 8.10 on Windows 2003 SP2); traversal behavior on non-Windows deployments is unconfirmed. ↗
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
vulncheck6.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-32jr-8q2g-wwf3: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbit
ghsa_unreviewed·2022-05-17
CVE-2012-4940 [MEDIUM] CWE-22 GHSA-32jr-8q2g-wwf3: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbit
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
VulnCheck
gecad axigen_free_mail_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2012·CVSS 6.4
CVE-2012-4940 [MEDIUM] gecad axigen_free_mail_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
gecad axigen_free_mail_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
Affected: gecad axigen_free_mail_server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://w
No detection rules found.
Exploit-DB
Axigen Mail Server - 'Filename' Directory Traversal
exploitdb·2012-10-31
CVE-2012-4940 Axigen Mail Server - 'Filename' Directory Traversal
Axigen Mail Server - 'Filename' Directory Traversal
---
source: https://www.securityfocus.com/bid/56343/info
Axigen Mail Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied data.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to obtain sensitive information, cause a denial of service condition, or execute arbitrary code with the privileges of the application. This could help the attacker launch further attacks.
http://www.example.com/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini
http://www.example.com/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini
Nuclei
Axigen Mail Server Filename Directory Traversal
nuclei·CVSS 6.4
CVE-2012-4940 [MEDIUM] Axigen Mail Server Filename Directory Traversal
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.
Template:
id: CVE-2012-4940
info:
name: Axigen Mail Server Filename Directory Traversal
author: dhiyaneshDk
severity: medium
description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or
Metasploit
Axigen Arbitrary File Read and Delete
metasploit
Axigen Arbitrary File Read and Delete
Axigen Arbitrary File Read and Delete
This module exploits a directory traversal vulnerability in the WebAdmin interface of Axigen, which allows an authenticated user to read and delete arbitrary files with SYSTEM privileges. The vulnerability is known to work on Windows platforms. This module has been tested successfully on Axigen 8.10 over Windows 2003 SP2.
2012-10-31
Published
Exploited in the wild