Vulnerability Description
Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Etype | Eserv | 3.0 |
References
- http://secunia.com/advisories/20059PatchVendor Advisory
- http://secunia.com/secunia_research/2006-37/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1006
- http://www.eserv.ru/ru/news/news_detail.php?ID=235Patch
- http://www.securityfocus.com/archive/1/435415/100/0/threaded
- http://www.securityfocus.com/bid/18179Patch
- http://www.vupen.com/english/advisories/2006/2066
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26738
- http://secunia.com/advisories/20059PatchVendor Advisory
- http://secunia.com/secunia_research/2006-37/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1006
- http://www.eserv.ru/ru/news/news_detail.php?ID=235Patch
- http://www.securityfocus.com/archive/1/435415/100/0/threaded
- http://www.securityfocus.com/bid/18179Patch
- http://www.vupen.com/english/advisories/2006/2066
FAQ
What is CVE-2006-2308?
CVE-2006-2308 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and dele...
How severe is CVE-2006-2308?
CVE-2006-2308 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2308?
Check the references section above for vendor advisories and patch information. Affected products include: Etype Eserv.