CVE-2006-2917

Sažetak

Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.

Reference

http://secunia.com/advisories/20707
http://secunia.com/secunia_research/2006-48/advisory/
http://www.securityfocus.com/bid/18908
http://www.vupen.com/english/advisories/2006/2730
http://www.wingate.com/download.php

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:37

Objavljeno

10-07-2006 - 19:05