Vulnerability Details CVE-2006-5487
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/22806
- http://securityreason.com/securityalert/1857
- http://securitytracker.com/id?1017209
- http://www.marshal.com/kb/article.aspx?id=11450
- http://www.securityfocus.com/archive/1/451143/100/0/threaded
- http://www.securityfocus.com/bid/20999
- http://www.vupen.com/english/advisories/2006/4457
- http://www.zerodayinitiative.com/advisories/ZDI-06-039.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30188
- http://secunia.com/advisories/22806
- http://securityreason.com/securityalert/1857
- http://securitytracker.com/id?1017209
- http://www.marshal.com/kb/article.aspx?id=11450
- http://www.securityfocus.com/archive/1/451143/100/0/threaded
- http://www.securityfocus.com/bid/20999
- http://www.vupen.com/english/advisories/2006/4457
- http://www.zerodayinitiative.com/advisories/ZDI-06-039.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30188
Products affected by CVE-2006-5487
-
cpe:2.3:a:marshal:mailmarshal_smtp:2006
-
cpe:2.3:a:marshal:mailmarshal_smtp:5.0
-
cpe:2.3:a:marshal:mailmarshal_smtp:6.0