CVE		CVE-2006-5210
Статус		Candidate
Описание		Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
Важность		Low
CVSS score		2,3
CVSS vector		(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Phase		Assigned (09.10.2006)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5210
References		BID : 20436
		BUGTRAQ : 20061013 SYMSA-2006-010: Directory Traversal in IronWebMail
		FRSIRT : ADV-2006-4055
		MISC : http://www.symantec.com/enterprise/research/SYMSA-...
		MISC : https://supportcenter.ciphertrust.com/vulnerabilit...
		SECTRACK : 1017069
		SECUNIA : 22406
		XF : ironwebmail-url-directory-traversal(29620)