Lucene search

[email protected]CVE-2006-4258

HistoryAug 21, 2006 - 8:04 p.m.

CVE-2006-4258

2006-08-2120:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

4258

absolute path traversal

anti-spam smtp proxy

assp

vulnerability

remote authentication

arbitrary files

nvd

7.1 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.0%

JSON

Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter.

CPENameOperatorVersion
john_hanna:anti-spam_smtp_proxy_serverjohn hanna anti-spam smtp proxy servereq1.2.3

CPE	Name	Operator	Version
john_hanna:anti-spam_smtp_proxy_server	john hanna anti-spam smtp proxy server	eq	1.2.3

References

lists.grok.org.uk/pipermail/full-disclosure/2006-August/048853.html

secunia.com/advisories/21523

www.securityfocus.com/bid/19545

www.vupen.com/english/advisories/2006/3289

exchange.xforce.ibmcloud.com/vulnerabilities/28392

7.1 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.0%

JSON