PT-2005-1410 · Desknow · Desknow Mail/Collaboration Server
Tan Chew Keong · Published 2005-02-10 · Updated 2017-07-11 · CVE-2005-0332
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
DeskNow Mail and Collaboration Server version 2.5.12
Description
A directory traversal issue allows remote attackers to upload and possibly execute files outside the intended directory by manipulating the AttachmentsKey parameter to the "attachment.do" endpoint, or delete arbitrary files via the select file parameter to the "file.do" endpoint.
Recommendations
For DeskNow Mail and Collaboration Server version 2.5.12, consider restricting access to the "attachment.do" and "file.do" endpoints until a fix is available, and avoid using the AttachmentsKey and select file parameters in these endpoints to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Desknow Mail/Collaboration Server