| VID |
22358 |
| Severity |
30 |
| Port |
8484, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Ipswitch IMail Server is vulnerable to a directory traversal vulnerability in the Web Calendaring server. Ipswitch IMail Server is a Web-based mail server for Microsoft Windows operating systems. Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2 are vulnerable to a directory traversal vulnerability in the Web Calendaring server. A remote attacker could send a specially-crafted URL request including dot-dot-slash (../) character sequences to read arbitrary files outside of the document root with System level privileges.
* References:
http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
http://securitytracker.com/id?1014047
* Platforms Affected:
Ipswitch, Inc., Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest IMail Server from:
http://www.imailserver.com/products/imail-server/ |
| Related URL |
CVE-2005-1252 (CVE) |
| Related URL |
13727 (SecurityFocus) |
| Related URL |
(ISS) |
|
