Directory traversal vulnerability in IronWebMail prior to 6.1.1 HotFix-17 allows remote malicious users to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ciphertrust ironmail 4.1 |
||
ciphertrust ironmail 4.5.1 |
||
ciphertrust ironmail 5.0.1 |
||
ciphertrust ironmail |