CVE-2006-2917 : Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions b

Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.

Published 2006-07-10 19:05:00

Updated 2011-03-08 02:37:18

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2006-2917

Probability of exploitation activity in the next 30 days: 0.40%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-2917

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2006-2917

Products affected by CVE-2006-2917

Qbik » Wingate » Version: 6.1.2.1094
cpe:2.3:a:qbik:wingate:6.1.2.1094:*:*:*:*:*:*:*
Matching versions
Qbik » Wingate » Version: 6.1.3.1096
cpe:2.3:a:qbik:wingate:6.1.3.1096:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-2917

Exploit prediction scoring system (EPSS) score for CVE-2006-2917

CVSS scores for CVE-2006-2917

References for CVE-2006-2917

Products affected by CVE-2006-2917