CVE-2005-1252
First published: Wed May 25 2005(Updated: )
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch IMail | =8.13 | |
| Ipswitch IMail Secure Server | <=8.2_hotfix_2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1252?
CVE-2005-1252 is classified as a high severity vulnerability due to its potential to allow remote attackers to read arbitrary files on the server.
How do I fix CVE-2005-1252?
To fix CVE-2005-1252, upgrade to Ipswitch IMail Server version 8.2 Hotfix 2 or later.
Which versions are affected by CVE-2005-1252?
CVE-2005-1252 affects Ipswitch IMail version 8.13 and earlier versions of IMail Server prior to 8.2 Hotfix 2.
What type of vulnerability is CVE-2005-1252?
CVE-2005-1252 is a directory traversal vulnerability that can lead to unauthorized file access.
Can CVE-2005-1252 be exploited remotely?
Yes, CVE-2005-1252 can be exploited remotely by sending crafted GET requests to the affected server.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/weakness
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ipswitch
- canonical/ipswitch imail
- version/ipswitch imail/8.13
- canonical/ipswitch imail secure server
- version/ipswitch imail secure server/8.2_hotfix_2