Details of VAR-200110-0108

ID

VAR-200110-0108

CVE

CVE-2001-1282

TITLE

Ipswitch IMail Server Path leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200110-046

DESCRIPTION

Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. A vulnerability exists which may remotely disclose sensitive information about the host running IMail Server. The disclosed information may be used to maliciously map out the directory structure of the host, facilitating further "intelligent" attacks on the host

Trust: 1.26

sources: NVD: CVE-2001-1282 // BID: 3426 // VULHUB: VHN-4087

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.6	Trust: 1.6
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.2	Trust: 1.6

sources: BID: 3426 // CNNVD: CNNVD-200110-046 // NVD: CVE-2001-1282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1282
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200110-046
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4087
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1282
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4087
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4087 // CNNVD: CNNVD-200110-046 // NVD: CVE-2001-1282

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-046

TYPE

Design Error

Trust: 0.9

sources: BID: 3426 // CNNVD: CNNVD-200110-046

EXTERNAL IDS

db:	BID	id:	3426	Trust: 2.0
db:	NVD	id:	CVE-2001-1282	Trust: 2.0
db:	CNNVD	id:	CNNVD-200110-046	Trust: 0.7
db:	BUGTRAQ	id:	20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-4087	Trust: 0.1

sources: VULHUB: VHN-4087 // BID: 3426 // CNNVD: CNNVD-200110-046 // NVD: CVE-2001-1282

REFERENCES

url:	http://www.securityfocus.com/bid/3426	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html	Trust: 1.7
url:	http://www.ipswitch.com/support/imail/news.html	Trust: 1.7
url:	http://www.ipswitch.com/products/imail_server/index.asp	Trust: 0.3

sources: VULHUB: VHN-4087 // BID: 3426 // CNNVD: CNNVD-200110-046 // NVD: CVE-2001-1282

CREDITS

Discovered and posted to Bugtraq by Niels Heinen <zilli0n@gmx.net> on Oct 12, 2001.

Trust: 0.9

sources: BID: 3426 // CNNVD: CNNVD-200110-046

SOURCES

db:	VULHUB	id:	VHN-4087
db:	BID	id:	3426
db:	CNNVD	id:	CNNVD-200110-046
db:	NVD	id:	CVE-2001-1282

LAST UPDATE DATE

2025-04-03T22:25:22.996000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4087	date:	2008-09-10T00:00:00
db:	BID	id:	3426	date:	2009-07-11T09:06:00
db:	CNNVD	id:	CNNVD-200110-046	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1282	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4087	date:	2001-10-12T00:00:00
db:	BID	id:	3426	date:	2001-10-12T00:00:00
db:	CNNVD	id:	CNNVD-200110-046	date:	2001-10-12T00:00:00
db:	NVD	id:	CVE-2001-1282	date:	2001-10-12T04:00:00