5.5

CVE-2006-2308

EPSS 2.23%
Veröffentlicht 02.06.2006 00:02:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Etype ≫ Eserv Version3.0

Etype ≫ Eserv Version3.25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.23%	0.838

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/20059

Patch

Vendor Advisory

http://secunia.com/secunia_research/2006-37/advisory/

Vendor Advisory

http://securityreason.com/securityalert/1006

http://www.eserv.ru/ru/news/news_detail.php?ID=235

Patch

http://www.securityfocus.com/archive/1/435415/100/0/threaded

http://www.securityfocus.com/bid/18179

Patch

http://www.vupen.com/english/advisories/2006/2066

https://exchange.xforce.ibmcloud.com/vulnerabilities/26738

https://nvd.nist.gov/vuln/detail/CVE-2006-2308

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2308

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2308

EUVD