Vulnerabilities > CVE-2005-1252 - Unspecified vulnerability in Ipswitch Imail and Imail Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ipswitch
nessus
NVD
Published: 2005-05-25
Updated: 2024-11-20

Summary

Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.

Vulnerable Configurations

Part Description Count
Application
Ipswitch
2

Nessus

NASL familyWeb Servers
NASL idIPSWITCH_IMAIL_WEBCALENDAR_DIR.NASL
descriptionThe remote server is running Ipswitch IMail Web calendaring. The remote version of this software is vulnerable to a directory traversal attack. An attacker, exploiting this vulnerability, may be able to retrieve sensitive files present on the server.
last seen2020-06-01
modified2020-06-02
plugin id18368
published2005-05-25
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18368
titleIpswitch IMail Web Calendaring Server GET Request Traversal Arbitrary File Access
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(18368);
 script_version("1.21");
 script_cvs_date("Date: 2018/11/15 20:50:25");

 script_cve_id("CVE-2005-1252");
 script_bugtraq_id(13727);

 script_name(english:"Ipswitch IMail Web Calendaring Server GET Request Traversal Arbitrary File Access");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is prone to a directory traversal attack.");
 script_set_attribute(attribute:"description", value:
"The remote server is running Ipswitch IMail Web calendaring. 

The remote version of this software is vulnerable to a directory
traversal attack.  An attacker, exploiting this vulnerability, may be
able to retrieve sensitive files present on the server.");
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2721ee84");
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/400545");
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1d4dce96");
 script_set_attribute(attribute:"solution", value:
"Apply IMail Server 8.2 Hotfix 2 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/24");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:ipswitch:imail");
 script_end_attributes();
 
 script_summary(english:"Ipswitch IMail WebCalendar Directory Traversal Vulnerability");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 8484);
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:8484);

banner = get_http_banner (port:port);

if ("Ipswitch Web Calendaring" >!< banner)
  exit (0);

r[0] = "nessus.jsp?\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini";
r[1] = "nessus.jsp?\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini";

for (i=0; i < 2; i++)
{
  if (check_win_dir_trav(port: port, url: r[i]))
  {
    security_warning(port);
    exit(0);
  }
}

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/39313/05.24.05-4.txt
idPACKETSTORM:39313
last seen2016-12-05
published2005-08-14
reporteriDefense Labs
sourcehttps://packetstormsecurity.com/files/39313/iDEFENSE-Security-Advisory-2005-05-24.4.html
titleiDEFENSE Security Advisory 2005-05-24.4

Saint

  • bid13727
    descriptionIMail IMAP STATUS buffer overflow
    idmail_imap_imail
    osvdb16806
    titleimail_imap_status
    typeremote
  • bid13727
    descriptionIMail IMAP LOGIN special character vulnerability
    idmail_imap_imail
    osvdb16804
    titleimail_imap_login_specialchar
    typeremote

References