Lucene search

[email protected]CVE-2006-2308

HistoryJun 02, 2006 - 12:02 a.m.

CVE-2006-2308

2006-06-0200:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2308

directory traversal

imap service

eserv/3 3.25

authentication

email messages

remote exploitation

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

71.7%

JSON

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user’s email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

CPENameOperatorVersion
etype:eservetype eserveq3.0
etype:eservetype eserveq3.25

CPE	Name	Operator	Version
etype:eserv	etype eserv	eq	3.0
etype:eserv	etype eserv	eq	3.25

References

secunia.com/advisories/20059

secunia.com/secunia_research/2006-37/advisory/

securityreason.com/securityalert/1006

www.eserv.ru/ru/news/news_detail.php?ID=235

www.securityfocus.com/archive/1/435415/100/0/threaded

www.securityfocus.com/bid/18179

www.vupen.com/english/advisories/2006/2066

exchange.xforce.ibmcloud.com/vulnerabilities/26738

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2006-2308

prion1 securityvulns1