Sign-up

ID

VAR-200010-0032


CVE

CVE-2000-0780


TITLE

IPSWITCH IMail web Server vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200010-093

DESCRIPTION

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. IPSWITCH ships a product titled IMail, an email server for usage on NT servers serving clients their mail via a web interface. To this end the IMail server provides a web server typically running on port 8383 for it's end users to access. Via this interface users may read and send mail, as well as mail with file attachments. Certain versions of IMail do not perform proper access validation however resulting in users being able to attach files resident on the server. The net result of this is users may attach files on the server to which they should have no access. This access is limited to the user privileges which the server is being run as, typically SYSTEM. It should be noted that once a user attachs the files in question the server deletes them

Trust: 1.26

sources: NVD: CVE-2000-0780 // BID: 1617 // VULHUB: VHN-2357

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:6.4

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.3

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.2

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.1

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.0

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 1.6

sources: BID: 1617 // CNNVD: CNNVD-200010-093 // NVD: CVE-2000-0780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0780
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200010-093
value: MEDIUM

Trust: 0.6

VULHUB: VHN-2357
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0780
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2357
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-2357 // CNNVD: CNNVD-200010-093 // NVD: CVE-2000-0780

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200010-093

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200010-093

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-2357

EXTERNAL IDS
db:BIDid:1617
Trust: 2.0
db:NVDid:CVE-2000-0780
Trust: 1.7
db:CNNVDid:CNNVD-200010-093
Trust: 0.7
db:BUGTRAQid:20000830 VULNERABILITY REPORT ON IPSWITCH'S IMAIL
Trust: 0.6
db:EXPLOIT-DBid:20182
Trust: 0.1
db:SEEBUGid:SSVID-74070
Trust: 0.1
db:VULHUBid:VHN-2357
Trust: 0.1
sources:
            
            
            VULHUB: VHN-2357 // 
            
            
            
            BID: 1617 // 
            
            
            
            CNNVD: CNNVD-200010-093 // 
            
            
            
            NVD: CVE-2000-0780

REFERENCES
url:http://www.securityfocus.com/bid/1617
Trust: 1.7
url:http://www.ipswitch.com/support/imail/news.html
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=96767207207553&w=2
Trust: 1.1
url:http://marc.theaimsgroup.com/?l=bugtraq&m=96767207207553&w=2
Trust: 0.6
url:http://www.ipswitch.com/products/imail_server/index.asp
Trust: 0.3
url:http://www.ipswitch.com/products/imail_server/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-2357 // 
            
            
            
            BID: 1617 // 
            
            
            
            CNNVD: CNNVD-200010-093 // 
            
            
            
            NVD: CVE-2000-0780

CREDITS
This vulnerability was discovered and reported by Timescape <vellad@kattare.com>.

 This advisory was drafted with the help of the SecurityFocus.com Vulnerability Help Team. For more information or assistance drafting advisories please mail vulnhelp@securi
Trust: 0.3
sources:
            
            
            BID: 1617

SOURCES
db:VULHUBid:VHN-2357
db:BIDid:1617
db:CNNVDid:CNNVD-200010-093
db:NVDid:CVE-2000-0780

LAST UPDATE DATE
2024-08-14T14:23:17.803000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-2357date:2016-10-18T00:00:00
db:BIDid:1617date:2000-08-30T00:00:00
db:CNNVDid:CNNVD-200010-093date:2005-05-02T00:00:00
db:NVDid:CVE-2000-0780date:2016-10-18T02:07:29.647

SOURCES RELEASE DATE
db:VULHUBid:VHN-2357date:2000-10-20T00:00:00
db:BIDid:1617date:2000-08-30T00:00:00
db:CNNVDid:CNNVD-200010-093date:2000-10-20T00:00:00
db:NVDid:CVE-2000-0780date:2000-10-20T04:00:00