Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Apr 16, 2026
CVE-2002-0418
CVE-2002-0418
Description
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
Affected products
15cpe:2.3:a:endymion:sake_mail:1.0.20:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:endymion:sake_mail:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:endymion:sake_mail:1.0.36:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/4223nvdExploitVendor Advisory
- online.securityfocus.com/archive/1/259730nvdVendor Advisory
- www.iss.net/security_center/static/8358.phpnvdVendor Advisory
News mentions
0No linked articles in our index yet.