ID

VAR-200505-1217


CVE

CVE-2005-1252


TITLE

Ipswitch IMail IMAP SELECT Command denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-1204

DESCRIPTION

Directory traversal vulnerability in the Web Calendaring server in Ipswitch IMail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtain potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. There is a remote denial of service vulnerability in the IMail IMAP server of Ipswitch Inc. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. If the attacker can provide a string with a length of about 260 bytes, it may trigger a stack overflow and cause the daemon to exit. However, this vulnerability cannot be further exploited.

Trust: 1.26

sources: NVD: CVE-2005-1252 // BID: 13727 // VULHUB: VHN-12461

AFFECTED PRODUCTS

vendor: ipswitch, model: imail, scope: eq, version: 8.13

Trust: 1.9

vendor: ipswitch, model: imail server, scope: lte, version: 8.2_hotfix_2

Trust: 1.0

vendor: ipswitch, model: imail server, scope: eq, version: 8.2_hotfix_2

Trust: 0.6

vendor: ipswitch, model: imail hotfix, scope: eq, version: 8.151

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 8.14

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 8.2

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 8.1

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 8.0.5

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 8.0.3

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.12

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.1

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.7

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.6

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.5

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.4

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.3

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.2

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 7.0.1

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.4

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.3

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.2

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.1

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0.6

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0.5

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0.4

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0.3

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0.2

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0.1

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 6.0

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 5.0.8

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 5.0.7

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 5.0.6

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 5.0.5

Trust: 0.3

vendor: ipswitch, model: imail, scope: eq, version: 5.0

Trust: 0.3

vendor: ipswitch, model: imail hotfix, scope: ne, version: 8.22

Trust: 0.3

sources: BID: 13727 // CNNVD: CNNVD-200505-1204 // NVD: CVE-2005-1252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1252
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-1204
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12461
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1252
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12461
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12461 // CNNVD: CNNVD-200505-1204 // NVD: CVE-2005-1252

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-1204

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200505-1204

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12461

EXTERNAL IDS

db: NVD, id: CVE-2005-1252

Trust: 2.0

db: BID, id: 13727

Trust: 2.0

db: SECTRACK, id: 1014047

Trust: 1.7

db: CNNVD, id: CNNVD-200505-1204

Trust: 0.7

db: IDEFENSE, id: 20050524 IPSWITCH IMAIL WEB CALENDARING ARBITRARY FILE READ VULNERABILITY

Trust: 0.6

db: PACKETSTORM, id: 39313

Trust: 0.1

db: VULHUB, id: VHN-12461

Trust: 0.1

sources: VULHUB: VHN-12461 // BID: 13727 // CNNVD: CNNVD-200505-1204 // NVD: CVE-2005-1252

REFERENCES

url:http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html

Trust: 2.0

url:http://www.securityfocus.com/bid/13727

Trust: 1.7

url:http://securitytracker.com/id?1014047

Trust: 1.7

url:http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities

Trust: 1.6

url:http://www.ipswitch.com/products/imail_server/index.asp

Trust: 0.3

url:/archive/1/400543

Trust: 0.3

url:/archive/1/400542

Trust: 0.3

url:/archive/1/400546

Trust: 0.3

url:/archive/1/400541

Trust: 0.3

url:/archive/1/400545

Trust: 0.3

url:http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities

Trust: 0.1

sources: VULHUB: VHN-12461 // BID: 13727 // CNNVD: CNNVD-200505-1204 // NVD: CVE-2005-1252

CREDITS

Sebastian Apelt

Trust: 0.6

sources: CNNVD: CNNVD-200505-1204

SOURCES

db: VULHUB, id: VHN-12461
db: BID, id: 13727
db: CNNVD, id: CNNVD-200505-1204
db: NVD, id: CVE-2005-1252

LAST UPDATE DATE

2024-08-14T14:22:56.501000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-12461, date: 2008-11-15T00:00:00
db: BID, id: 13727, date: 2007-04-03T03:12:00
db: CNNVD, id: CNNVD-200505-1204, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-1252, date: 2008-11-15T05:46:11.843

SOURCES RELEASE DATE

db: VULHUB, id: VHN-12461, date: 2005-05-25T00:00:00
db: BID, id: 13727, date: 2005-05-24T00:00:00
db: CNNVD, id: CNNVD-200505-1204, date: 2005-05-25T00:00:00
db: NVD, id: CVE-2005-1252, date: 2005-05-25T04:00:00