CVE-2005-1252 Information

Description

Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13 and other versions before IMail Server 8.2 Hotfix 2 allows remote attackers to read arbitrary files via ..\\ (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.

Reference

http://securitytracker.com/id?1014047 http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html http://www.securityfocus.com/bid/13727