Lucene search

[email protected]CVE-2004-1670

HistorySep 10, 2004 - 4:00 a.m.

CVE-2004-1670

2004-09-1004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

1670

directory traversal

vulnerability

merak mail server

icewarp web mail

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a … (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a …// (doubled dot dot) in the folderold or folder parameters to folders.html.

CPENameOperatorVersion
merak:mail_servermerak mail servereq7.4.5
icewarp:web_mailicewarp web maileq5.2.7
icewarp:web_mailicewarp web maileq5.2.8
icewarp:web_mailicewarp web maileq3.3.2

CPE	Name	Operator	Version
merak:mail_server	merak mail server	eq	7.4.5
icewarp:web_mail	icewarp web mail	eq	5.2.7
icewarp:web_mail	icewarp web mail	eq	5.2.8
icewarp:web_mail	icewarp web mail	eq	3.3.2

References

marc.info/?l=bugtraq&m=109483971420067&w=2

secunia.com/advisories/12789

www.securityfocus.com/bid/11371

exchange.xforce.ibmcloud.com/vulnerabilities/17314

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for CVE-2004-1670

nessus1