CVE-2006-2414

2006-05-1610:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2414

directory traversal

dovecot 1.0

vulnerability

nvd

security

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via “…” sequences in the (1) LIST or (2) DELETE IMAP command.

CPENameOperatorVersion
timo_sirainen:dovecottimo sirainen dovecoteq1.0_beta7
timo_sirainen:dovecottimo sirainen dovecoteq1.0_beta2
timo_sirainen:dovecottimo sirainen dovecoteq1.0
timo_sirainen:dovecottimo sirainen dovecoteq1.0_beta3

CPE	Name	Operator	Version
timo_sirainen:dovecot	timo sirainen dovecot	eq	1.0_beta7
timo_sirainen:dovecot	timo sirainen dovecot	eq	1.0_beta2
timo_sirainen:dovecot	timo sirainen dovecot	eq	1.0
timo_sirainen:dovecot	timo sirainen dovecot	eq	1.0_beta3