CVE-2005-3431

Name of the Vulnerable Software and Affected Versions Rockliffe MailSite Express versions prior to 6.1.22

Description The issue allows remote attackers to read arbitrary files by providing a full pathname in the AttachPath field of a mail message under composition. This is an absolute path traversal vulnerability.

Recommendations For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the AttachPath field to minimize the risk of exploitation.