Vulnerability Details : CVE-2005-1252
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
Vulnerability category: Directory traversal
Products affected by CVE-2005-1252
- cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-1252
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-1252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2005-1252
Jump to