Lucene search

K
cve[email protected]CVE-2004-1670
HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1670

2005-02-2005:00:00
web.nvd.nist.gov
26
cve
2004
1670
directory traversal
vulnerability
merak mail server
icewarp web mail
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a … (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a …// (doubled dot dot) in the folderold or folder parameters to folders.html.

Affected configurations

NVD
Node
icewarpweb_mailMatch3.3.2
OR
icewarpweb_mailMatch5.2.7
OR
icewarpweb_mailMatch5.2.8
OR
merakmail_serverMatch7.4.5

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

Related for CVE-2004-1670