CVE-2006-5210

Name of the Vulnerable Software and Affected Versions IronWebMail versions prior to 6.1.1 HotFix-17

Description The issue allows remote attackers to read arbitrary files via a GET request to the "IM FILE" identifier with double-url-encoded "../" sequences ("%252e%252e/"). This is a directory traversal vulnerability.

Recommendations For versions prior to 6.1.1 HotFix-17, update to version 6.1.1 HotFix-17 or later to resolve the issue. As a temporary workaround, consider restricting access to the IM FILE identifier to minimize the risk of exploitation.