CVE-2006-2917
First published: Mon Jul 10 2006(Updated: )
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qbik WinGate | =6.1.2.1094 | |
| Qbik WinGate | =6.1.3.1096 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-2917?
CVE-2006-2917 is classified as a high severity vulnerability due to its potential for unauthorized access to sensitive email data.
How do I fix CVE-2006-2917?
To fix CVE-2006-2917, upgrade the WinGate software to version 6.1.4 Build 1099 or later.
What versions are affected by CVE-2006-2917?
CVE-2006-2917 affects WinGate versions 6.1.2.1094 and 6.1.3.1096.
What type of attack does CVE-2006-2917 enable?
CVE-2006-2917 enables authenticated remote users to exploit directory traversal and access the emails of other users.
Who is impacted by CVE-2006-2917?
Users of the WinGate IMAP server software versions 6.1.2.1094 and 6.1.3.1096 are impacted by CVE-2006-2917.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/qbik
- product/wingate
- canonical/qbik wingate
- version/qbik wingate/6.1.2.1094
- version/qbik wingate/6.1.3.1096