header-logo
Suggest Exploit
vendor:
NTMail
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: NTMail
Affected Version From: NTMail
Affected Version To: NTMail
Patch Exists: YES
Related CWE: N/A
CPE: a:gordano:ntmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
1999

A vulnerability in Gordano’s NTMail allows remote malicious users to steal local files.

A vulnerability in Gordano's NTMail allows remote malicious users to steal local files. The web server fails to check whether requested files fall outside its document tree (by using ".." in the URL). Thus attackers can retrieve files in the same drives as that on which the software resides if they know or can get it's filename.

Mitigation:

Ensure that the web server is configured to only serve files from within its document tree.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/279/info

A vulnerability in Gordano's NTMail allows remote malicious users to steal local files.

Gordano's NTMail is a Windows NT mail server program. One of its features is allowing administrators to configure the server and users to read their email with a web browser via a built-in web server.

The web server fails to check whether requested files fall outside its document tree (by using ".." in the URL). Thus attackers can retrieve files in the same drives as that on which the software resides if they know or can get it's filename. 

http://www.example.com:8000/../../../../../boot.ini

Navigation

Suggest Exploit

Services By CQR