1. CVE-Search
  2. CVE-2006-2308
ID CVE-2006-2308
Summary Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
References
Vulnerable Configurations
  • cpe:2.3:a:etype:eserv:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:etype:eserv:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:etype:eserv:3.25:*:*:*:*:*:*:*
    cpe:2.3:a:etype:eserv:3.25:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 18-10-2018 - 16:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:N
refmap via4
bid 18179
bugtraq 20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities
confirm http://www.eserv.ru/ru/news/news_detail.php?ID=235
misc http://secunia.com/secunia_research/2006-37/advisory/
secunia 20059
sreason 1006
vupen ADV-2006-2066
xf eserv-imap-directory-traversal(26738)
Last major update 18-10-2018 - 16:39
Published 02-06-2006 - 00:02
Last modified 18-10-2018 - 16:39
Back to Top