CVE-2006-5210

Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").

Score: 5.0
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Published: 2006-10-16 07:07:00.000-04
Last Modified: 2018-10-17 05:41:40.000-04

Vulnerable Software List

Vendor: Ciphertrust
Product: Ironmail
Versions: 4.1, 4.5.1, 5.0.1, 6.1.1

References

Source: Link
SREASON: 1726
SECTRACK: 1017069
BUGTRAQ: 20061013 SYMSA-2006-010: Directory Traversal in IronWebMail
BID: 20436
MISC: http://www.symantec.com/enterprise/research/SYMSA-2006-010.txt
VUPEN: ADV-2006-4055
XF: ironwebmail-url-directory-traversal(29620)
MISC: https://supportcenter.ciphertrust.com/vulnerability/IWM501-01.html