3.25

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

etype

NVD

Published: 2006-06-02

Updated: 2018-10-18

Summary

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

Vulnerable Configurations

Part	Description	Count
Application	Etype Etype Eserv 3.0 Etype Eserv 3.25	2

References

http://secunia.com/advisories/20059
http://secunia.com/secunia_research/2006-37/advisory/
http://securityreason.com/securityalert/1006
http://www.eserv.ru/ru/news/news_detail.php?ID=235
http://www.securityfocus.com/archive/1/435415/100/0/threaded
http://www.securityfocus.com/bid/18179
http://www.vupen.com/english/advisories/2006/2066
https://exchange.xforce.ibmcloud.com/vulnerabilities/26738