Check Point Reference: CPAI-2005-255
Date Published: 26 Oct 2009
Severity: Medium
Last Updated: Monday 26 October, 2009
Source:
Industry Reference: CVE-2005-1252
Protection Provided by: Security Gateway
Who is Vulnerable?
Vulnerability Description: The Ipswitch IMail Server product contains a variety of server components. These components include POP3, SMTP, IMAP, and a Web Calendaring server. The IMail Web Calendaring server provides functions for users to store schedules, set appointments, and send reminder information using the HTTP protocol. The service is accessed through a web browser. A directory traversal vulnerability exists within the IMail Web Calendaring server. The vulnerability is a result of a flaw in the handling of HTTP requests for static resources. An unauthenticated attacker may exploit this vulnerability to remotely read arbitrary files with System privileges. The target will not exhibit any unusual behaviour as a result of this attack. A successful attack will result in potentially sensitive information being disclosed to an unprivileged user. The content of arbitrary files, specified by the attacker in the request, will be served in the HTTP response.
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Application Servers Protection Violation.
Attack Information: Ipswitch IMail web calendaring arbitrary file read
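
The Vulnerability Description above places the flaw in how request paths for static resources are mapped to files. The following is an added example, not Check Point's signature or Ipswitch's code, of a containment check a static-file handler or log review script can apply; the web root, function names and request lines are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Hypothetical web root for illustration; not a real IMail path.
WEB_ROOT = "/srv/calendar/static"


def resolve_static(request_target, root=WEB_ROOT):
    """Return the file path under root for a request target, or None if it escapes."""
    path = urlsplit(request_target).path
    # Decode up to three times so double-encoded separators are seen as well.
    for _ in range(3):
        path = unquote(path)
    if unquote(path) != path or "\x00" in path:
        return None  # still encoded after three rounds, or embedded NUL
    # A Windows file API accepts both separators, so treat them the same.
    path = path.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Containment check on the normalized result, not on the raw string.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def flag_requests(request_lines):
    """Return the request lines whose target resolves outside the web root."""
    flagged = []
    for line in request_lines:
        parts = line.split()
        if len(parts) >= 2 and resolve_static(parts[1]) is None:
            flagged.append(line)
    return flagged


# Constructed request lines for the demonstration; not taken from the advisory.
SAMPLE_REQUESTS = [
    "GET /images/logo.gif?size=2 HTTP/1.0",
    "GET /images/../css/site.css HTTP/1.0",
    "GET /../../etc/secret.txt HTTP/1.0",
    "GET /..%5c..%5cconfig.ini HTTP/1.0",
    "GET /%252e%252e/%252e%252e/x HTTP/1.0",
]

if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("blocked:", line)
```

The second sample contains `..` but stays inside the web root after normalization, so it is served; only the requests that resolve outside the root are flagged.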