Vulnerability Description
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | Imail | 8.13 |
| Ipswitch | Imail Server | <= 8.2_hotfix_2 |
References
- http://securitytracker.com/id?1014047
- http://www.idefense.com/application/poi/display?id=242&type=vulnerabilitiesVendor Advisory
- http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.htmlPatch
- http://www.securityfocus.com/bid/13727
- http://securitytracker.com/id?1014047
- http://www.idefense.com/application/poi/display?id=242&type=vulnerabilitiesVendor Advisory
- http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.htmlPatch
- http://www.securityfocus.com/bid/13727
FAQ
What is CVE-2005-1252?
CVE-2005-1252 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (...
How severe is CVE-2005-1252?
CVE-2005-1252 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1252?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch Imail, Ipswitch Imail Server.