CVE-2004-1670

High

7.5/10

Summary

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

References

Advisory Timeline

Published Sep 10, 2004

CVE-2004-1670

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS