Vulnerability Description
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewarp | Web Mail | 5.5.1 |
| Merak | Mail Server | 8.2.4r |
References
- http://marc.info/?l=bugtraq&m=112810385104168&w=2
- http://secunia.com/advisories/17046/Vendor Advisory
- http://www.securityfocus.com/bid/14986
- http://www.securityfocus.com/bid/14988Exploit
- http://www.vupen.com/english/advisories/2005/1933
- http://marc.info/?l=bugtraq&m=112810385104168&w=2
- http://secunia.com/advisories/17046/Vendor Advisory
- http://www.securityfocus.com/bid/14986
- http://www.securityfocus.com/bid/14988Exploit
- http://www.vupen.com/english/advisories/2005/1933
FAQ
What is CVE-2005-3133?
CVE-2005-3133 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directorie...
How severe is CVE-2005-3133?
CVE-2005-3133 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3133?
Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Web Mail, Merak Mail Server.