Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2308

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2006-2308
Last Modified 07 Mar 2011 09:35:56
Published 01 Jun 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-2308

Summary

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

Vulnerable Systems

Application

  • Etype Eserv 3.0

  • Etype Eserv 3.25


References

BID - 18179

CONFIRM - http://www.eserv.ru/ru/news/news_detail.php?ID=235

SECUNIA - 20059

VUPEN - ADV-2006-2066

BUGTRAQ - 20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities

MISC - http://secunia.com/secunia_research/2006-37/advisory/

XF - eserv-imap-directory-traversal(26738)

SREASON - 1006


Last Updated: 27 May 2016 10:42:25