Tripbit Security Advisory
TA-150903 


Severity: Medium/High
Application: IMail v6.00/v8.02
Platform: Windows
Class: Directory Traversal Vulnerability
Release Date: August, 15th 2003
Vendor: http://www.ipswitch.com


• Overview

IMail Server for Windows NT is a high performance SMTP/POP3 e-mail server geared for today's Internet and corporate intranet messaging requirements. Now with antispamming controls, IMAP4, and LDAP support, it offers businesses an attractive alternative to more complex and higher-priced proprietary products.

• Details
IMail is affected by two directory traversal vulnerabilities: the first in the Web Calendaring Service, part of IMail v8.02, and the second in the Web Messaging Service, part of IMail v6.00, an earlier version.

The standard port for the Web Calendaring Service is 8484 and for the Web Messaging Service 8383.

Example:

http://host:port/file.jsp?dir=../../../../../../../../../boot.ini
http://host:port/file.htm?dir=../../../../../../../../../boot.ini
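
A log-screening check for the request pattern shown above, as an added example that is not part of the original advisory. It flags requests whose `dir` parameter contains a `..` path segment, and goes slightly beyond the literal example by also catching percent-encoded and backslash forms. The `METHOD target` line format, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a proxy or the service itself records the raw request target
# (path + query string). The parameter name "dir" comes from the advisory.
WATCHED_PARAM = "dir"
MAX_DECODE_ROUNDS = 3  # bounds the work spent on nested percent-encoding


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(request_target: str) -> bool:
    """True if a 'dir' query parameter contains a '..' path segment."""
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != WATCHED_PARAM:
            continue
        # Windows accepts both separators, so compare on a normalised form.
        path = fully_decode(value).replace("\\", "/")
        if ".." in path.split("/"):
            return True
    return False


def scan(lines):
    """Return the request targets from 'METHOD target' lines that are flagged."""
    targets = (line.split()[1] for line in lines if len(line.split()) >= 2)
    return [t for t in targets if has_traversal(t)]


# Constructed sample requests (not captured traffic).
SAMPLE = [
    "GET /file.jsp?dir=../../../../../../../../../boot.ini",
    "GET /file.htm?dir=%2e%2e%5c%2e%2e%5cboot.ini",
    "GET /file.htm?dir=%252e%252e/boot.ini",
    "GET /file.jsp?dir=calendar/2003",
    "GET /file.jsp?view=..&dir=inbox",
]

if __name__ == "__main__":
    for target in scan(SAMPLE):
        print("traversal attempt:", target)
```

The same predicate can sit in a reverse proxy in front of ports 8484 and 8383 to reject flagged requests before they reach the service.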


• Recommendation
No solution for the moment.

• Vendor Response
The vendor has been notified about this report.

• Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

• Additional information
This vulnerability has been found and researched by:

posidron posidron@tripbit.org

rushjo rushjo@tripbit.org

• Availability
You can find the latest version of this warning under the following URL:

http://www.tripbit.org/advisories/TA-150903.html