CVE-2006-2917 - OpenCVE

Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qbik	Wingate

Configuration 1 [-]

OR	cpe:2.3:a:qbik:wingate:6.1.2.1094:::::::*
	cpe:2.3:a:qbik:wingate:6.1.3.1096:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/20707
http://secunia.com/secunia_research/2006-48/advisory/
http://www.securityfocus.com/bid/18908
http://www.vupen.com/english/advisories/2006/2730
http://www.wingate.com/download.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2006-07-10T19:00:00

Updated: 2024-08-07T18:06:27.229Z

Reserved: 2006-06-08T00:00:00

Link: CVE-2006-2917

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-07-10T19:05:00.000

Modified: 2011-03-08T02:37:17.893

Link: CVE-2006-2917

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-48/advisory/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.wingate.com/download.php"}, {"name": "18908", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18908"}, {"name": "20707", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20707"}, {"name": "ADV-2006-2730", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2730"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2006-2917", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://secunia.com/secunia_research/2006-48/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-48/advisory/"}, {"name": "http://www.wingate.com/download.php", "refsource": "MISC", "url": "http://www.wingate.com/download.php"}, {"name": "18908", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18908"}, {"name": "20707", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20707"}, {"name": "ADV-2006-2730", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2730"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:06:27.229Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-48/advisory/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.wingate.com/download.php"}, {"name": "18908", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18908"}, {"name": "20707", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20707"}, {"name": "ADV-2006-2730", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2730"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2006-2917", "datePublished": "2006-07-10T19:00:00", "dateReserved": "2006-06-08T00:00:00", "dateUpdated": "2024-08-07T18:06:27.229Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qbik:wingate:6.1.2.1094:*:*:*:*:*:*:*", "matchCriteriaId": "982DE691-B50E-49B2-B4DF-EC518DFFCE75", "vulnerable": true}, {"criteria": "cpe:2.3:a:qbik:wingate:6.1.3.1096:*:*:*:*:*:*:*", "matchCriteriaId": "7F8EFCA3-2453-4272-9692-22598676DFC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el servidor IMAP en WinGate 6.1.2.1094 y 6.1.3.1096, y posiblemente otras versiones anteriores a 6.1.4 Build 1099, permite a usuarios autenticados leer el correo de otros usuarios, o realizar operaciones no autorizadas en los directorios, a trav\u00e9s de las ordenes 1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, y (7) LIST."}], "id": "CVE-2006-2917", "lastModified": "2011-03-08T02:37:17.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-10T19:05:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20707"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-48/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/18908"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2006/2730"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.wingate.com/download.php"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}