CVE-2005-1252

Published: May 25, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.

Affected (2)

Products: Ipswitch: Imail, Imail Server

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ipswitch Imail	Version 8.13
Ipswitch Imail Server	Up to 8.2_hotfix_2

References (8)

http://securitytracker.com/id?1014047

Source: cve@mitre.org

http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities

Source: cve@mitre.org

Vendor Advisory

http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/13727

Source: cve@mitre.org

http://securitytracker.com/id?1014047

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/13727

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.