CVE-2005-1252
Summary
| CVE | CVE-2005-1252 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-05-25 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. |
Risk And Classification
Primary CVSS: v2.0 5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:N/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ipswitch | Imail | 8.13 | All | All | All |
| Application | Ipswitch | Imail Server | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Advisory: 05.24.05 // VeriSign iDefense | af854a3a-2127-422b-91ae-364da2661108 | www.idefense.com | Vendor Advisory |
| SecurityTracker.com Archives - IPswitch IMail Bugs Let Remote Users View Files and Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| Ipswitch IMail Server Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Ipswitch, Inc. - IMail Server Patches & Upgrades | af854a3a-2127-422b-91ae-364da2661108 | www.ipswitch.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.