First published: Wed May 25 2005(Updated: )
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ipswitch IMail | =8.13 | |
Ipswitch IMail Secure Server | <=8.2_hotfix_2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2005-1252 is classified as a high severity vulnerability due to its potential to allow remote attackers to read arbitrary files on the server.
To fix CVE-2005-1252, upgrade to Ipswitch IMail Server version 8.2 Hotfix 2 or later.
CVE-2005-1252 affects Ipswitch IMail version 8.13 and earlier versions of IMail Server prior to 8.2 Hotfix 2.
CVE-2005-1252 is a directory traversal vulnerability that can lead to unauthorized file access.
Yes, CVE-2005-1252 can be exploited remotely by sending crafted GET requests to the affected server.