Ciphertrust: >> Ironmail >> 4.1 Security Vulnerabilities
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
CVSS Score
5.0
EPSS Score
0.093
Published
2006-10-16
CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections.
CVSS Score
2.6
EPSS Score
0.011
Published
2006-02-04