Vulnerability Description
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marshal | Mailmarshal Smtp | 5.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/22806Vendor Advisory
- http://securityreason.com/securityalert/1857
- http://securitytracker.com/id?1017209
- http://www.marshal.com/kb/article.aspx?id=11450Patch
- http://www.securityfocus.com/archive/1/451143/100/0/threaded
- http://www.securityfocus.com/bid/20999
- http://www.vupen.com/english/advisories/2006/4457
- http://www.zerodayinitiative.com/advisories/ZDI-06-039.htmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30188
- http://secunia.com/advisories/22806Vendor Advisory
- http://securityreason.com/securityalert/1857
- http://securitytracker.com/id?1017209
- http://www.marshal.com/kb/article.aspx?id=11450Patch
- http://www.securityfocus.com/archive/1/451143/100/0/threaded
- http://www.securityfocus.com/bid/20999
FAQ
What is CVE-2006-5487?
CVE-2006-5487 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in ...
How severe is CVE-2006-5487?
CVE-2006-5487 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5487?
Check the references section above for vendor advisories and patch information. Affected products include: Marshal Mailmarshal Smtp.