SmarterMail Directory Traversal Vulnerability Network Vulnerability

Summary

This host is running SmarterMail and is prone to directory traversal vulnerability.

Impact

Successful exploitation could allow remote authenticated users to read and write directories, files and perform malicious operations. Impact Level: Application

Solution

Upgrade to version 7.2.3925 or later. For updates refer to http://www.smartertools.com/smartermail/mail-server-software.aspx

Insight

The flaw is due to error in the 'FileStorageUpload.ashx', which fails to validate the input value passed to the 'name' parameter. This allows remote attackers to read arbitrary files via a '../' or '%5C' or '%255c' in the name parameter.

Affected

SmarterTools SmarterMail 7.1.3876

References

http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt
http://www.exploit-db.com/exploits/15048/
http://xforce.iss.net/xforce/xfdb/61910

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3486
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities - 03 Mar14
Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
Apple Remote Desktop Information Disclosure Vulnerability
Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability

Take action and discover your vulnerabilities