UoW imap Server (uw-imapd) Arbitrary Remote File Access

Low severity, Nessus Plugin ID 12254

Synopsis

The remote IMAP server is affected by an information disclosure vulnerability.

Description

The target is running an IMAP daemon that allows an authenticated user to retrieve and manipulate files that would be available to that user via a shell. If IMAP users are denied shell access, you may consider this a vulnerability.

Solution

Contact your vendor for a fix.

See Also

http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1

https://seclists.org/bugtraq/2002/Jun/2

Plugin Details

Severity: Low

ID: 12254

File Name: imap_arbitrary_file_retrieval.nasl

Version: 1.24

Type: remote

Family: Misc.

Published: 5/26/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2002-1782

BID: 4909