{"api_version":"1","generated_at":"2026-05-11T17:44:32+00:00","cve":"CVE-2006-2414","urls":{"html":"https://cve.report/CVE-2006-2414","api":"https://cve.report/api/cve/CVE-2006-2414.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2414","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2414"},"summary":{"title":"CVE-2006-2414","description":"Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via \"..\" sequences in the (1) LIST or (2) DELETE IMAP command.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-05-16 10:02:00","updated_at":"2018-10-18 16:39:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2006/2013","name":"ADV-2006-2013","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/913","name":"913","refsource":"SREASON","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dovecot.org/list/dovecot-cvs/2006-May/005563.html","name":"http://dovecot.org/list/dovecot-cvs/2006-May/005563.html","refsource":"CONFIRM","tags":[],"title":"[dovecot-cvs] dovecot/src/lib-storage/index/mbox mbox-storage.c,\n\t1.145, 1.145.2.1","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"http://www.dovecot.org/list/dovecot-news/2006-May/000006.html","name":"http://www.dovecot.org/list/dovecot-news/2006-May/000006.html","refsource":"MISC","tags":["Patch"],"title":"[Dovecot-news] Security hole with mboxes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20308","name":"20308","refsource":"SECUNIA","tags":[],"title":"Dovecot \"LIST\" Command Directory Traversal Weakness - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20315","name":"20315","refsource":"SECUNIA","tags":[],"title":"Debian update for dovecot - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17961","name":"17961","refsource":"BID","tags":["Patch"],"title":"Dovecot Remote Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.debian.org/security/2006/dsa-1080","name":"DSA-1080","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1080-1 dovecot","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/433878/100/0/threaded","name":"20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26536","name":"dovecot-imap-list-information-disclosure(26536)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2414","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2414","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0_beta2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0_beta3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0_beta7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0_beta2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0_beta3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2414","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"timo_sirainen","cpe5":"dovecot","cpe6":"1.0_beta7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2006-2414","organization":"Red Hat","lastmodified":"2006-08-30","contributor":"Mark J Cox","statementText":"Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.","cve_year":"2006","cve_id":"2414","crc32":"f850fca9"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2414","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via \"..\" sequences in the (1) LIST or (2) DELETE IMAP command."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"DSA-1080","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1080"},{"name":"http://www.dovecot.org/list/dovecot-news/2006-May/000006.html","refsource":"MISC","url":"http://www.dovecot.org/list/dovecot-news/2006-May/000006.html"},{"name":"ADV-2006-2013","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2013"},{"name":"20315","refsource":"SECUNIA","url":"http://secunia.com/advisories/20315"},{"name":"17961","refsource":"BID","url":"http://www.securityfocus.com/bid/17961"},{"name":"913","refsource":"SREASON","url":"http://securityreason.com/securityalert/913"},{"name":"20308","refsource":"SECUNIA","url":"http://secunia.com/advisories/20308"},{"name":"http://dovecot.org/list/dovecot-cvs/2006-May/005563.html","refsource":"CONFIRM","url":"http://dovecot.org/list/dovecot-cvs/2006-May/005563.html"},{"name":"20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/433878/100/0/threaded"},{"name":"dovecot-imap-list-information-disclosure(26536)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26536"}]}},"nvd":{"publishedDate":"2006-05-16 10:02:00","lastModifiedDate":"2018-10-18 16:39:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:timo_sirainen:dovecot:1.0_beta7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:timo_sirainen:dovecot:1.0_beta2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:timo_sirainen:dovecot:1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:timo_sirainen:dovecot:1.0_beta3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2414","Ordinal":"17724","Title":"CVE-2006-2414","CVE":"CVE-2006-2414","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2414","Ordinal":"1","NoteData":"Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via \"..\" sequences in the (1) LIST or (2) DELETE IMAP command.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2414","Ordinal":"2","NoteData":"2006-05-16","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2414","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}