CVE-2011-3201

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2013-0516.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=657374 Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=733504 Patch Issue Tracking Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82450
https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56 Patch Vendor Advisory
https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:1.11:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.22.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.24:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.24.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.26.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.26.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.28.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.30.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution:2.32.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
History

13 Feb 2023, 04:32

Type Values Removed Values Added
Summary CVE-2011-3201 evolution: mailto URL scheme attachment header improper input validation GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0516', 'name': 'https://access.redhat.com/errata/RHSA-2013:0516', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2011-3201', 'name': 'https://access.redhat.com/security/cve/CVE-2011-3201', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:15

Type Values Removed Values Added
Summary GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. CVE-2011-3201 evolution: mailto URL scheme attachment header improper input validation
References
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0516 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2011-3201 -
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=733504 - Issue Tracking, Patch, Vendor Advisory (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=733504 - Patch, Issue Tracking, Vendor Advisory
Information

Published : 2013-03-08 21:55

Updated : 2023-12-10 11:16

NVD link : CVE-2011-3201

Mitre link : CVE-2011-3201

CVE.ORG link : CVE-2011-3201

JSON object : View

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation

gnome

  • evolution

oracle

  • solaris
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor