Vulnerability Description
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mercur | Mercur Messaging | 2005_sp2 |
References
- http://secunia.com/advisories/15234
- http://www.osvdb.org/16220
- http://www.osvdb.org/16221
- http://www.osvdb.org/16222
- http://www.osvdb.org/16223
- http://www.osvdb.org/16224
- http://www.osvdb.org/16225
- http://secunia.com/advisories/15234
- http://www.osvdb.org/16220
- http://www.osvdb.org/16221
- http://www.osvdb.org/16222
- http://www.osvdb.org/16223
- http://www.osvdb.org/16224
- http://www.osvdb.org/16225
FAQ
What is CVE-2005-1657?
CVE-2005-1657 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) delet...
How severe is CVE-2005-1657?
CVE-2005-1657 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1657?
Check the references section above for vendor advisories and patch information. Affected products include: Mercur Mercur Messaging.