First published: Fri Oct 13 2000(Updated: )
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ipswitch IMail | =5.0 | |
Ipswitch IMail | =6.0 | |
Ipswitch IMail | =6.1 | |
Ipswitch IMail | =6.2 | |
Ipswitch IMail | =6.3 | |
Ipswitch IMail | =6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2000-0780 has been classified as a medium severity vulnerability due to its potential to allow unauthorized access to server files.
To fix CVE-2000-0780, upgrade to IPSWITCH IMail version 6.5 or above, which addresses this vulnerability.
CVE-2000-0780 allows remote attackers to read and delete arbitrary files on the server, which can lead to data loss or breach.
IPSWITCH IMail versions 5.0 to 6.4 are affected by CVE-2000-0780.
Disabling remote file access and implementing strict file permissions can serve as a temporary workaround for CVE-2000-0780.