CVE-2006-2308

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20059	Patch Vendor Advisory
http://secunia.com/secunia_research/2006-37/advisory/	Vendor Advisory
http://securityreason.com/securityalert/1006
http://www.eserv.ru/ru/news/news_detail.php?ID=235	Patch
http://www.securityfocus.com/archive/1/435415/100/0/threaded
http://www.securityfocus.com/bid/18179	Patch
http://www.vupen.com/english/advisories/2006/2066
https://exchange.xforce.ibmcloud.com/vulnerabilities/26738

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:etype:eserv:3.0:::::::*
	cpe:2.3:a:etype:eserv:3.25:::::::*

History

No history.

Information

Published : 2006-06-02 00:02

Updated : 2024-02-04 16:52

NVD link : CVE-2006-2308

Mitre link : CVE-2006-2308

CVE.ORG link : CVE-2006-2308

JSON object : View

Products Affected

etype

eserv

CWE

NVD-CWE-Other

{"id": "CVE-2006-2308", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-06-02T00:02:00.000", "references": [{"url": "http://secunia.com/advisories/20059", "tags": ["Patch", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2006-37/advisory/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://securityreason.com/securityalert/1006", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.eserv.ru/ru/news/news_detail.php?ID=235", "tags": ["Patch"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/435415/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/18179", "tags": ["Patch"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2006/2066", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26738", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands."}], "lastModified": "2018-10-18T16:39:03.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:etype:eserv:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8071783F-930B-41C1-9284-290314BDB568"}, {"criteria": "cpe:2.3:a:etype:eserv:3.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A76EA1C-D6C0-4AA3-91FD-2FF4301304B4"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}