CVE-2005-1902

Name of the Vulnerable Software and Affected Versions SPA-PRO Mail @Solomon version 4.00

Description The issue allows remote authenticated users to perform directory traversal attacks against the IMAP service, enabling them to read other users' mail and perform operations on arbitrary directories. This is achieved by using .. sequences in the SELECT, CREATE, DELETE, and RENAME commands.

Recommendations For version 4.00, consider restricting access to the IMAP service until a fix is available, and limit the use of the SELECT, CREATE, DELETE, and RENAME commands to authorized users only. As a temporary workaround, restrict the ability to use .. sequences in these commands to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.