Rule:

--
Sid:
100000142

--
Summary:
This event is generated when an attempt is made to exploit a
directory traversal associated with Imail Web Calendaring
servicel

--
Impact:
A successful attack can permit a user to navigate outside
of the web root directory and read files.

--
Detailed Information:
The Imail Web Calendaring Server does not properly sanitize
a malformed URL that contains directory traversal characters.
This vulnerability is associated with static objects identified
by names ending in .jsp, .jpg, .gif, .wav, .css, or .htm.  This
can permit an unauthorized user to examine files that may contain
sensitive information.

--
Affected Systems:
Ipswitch IMail Server 8.2 and prior
Ipswitch IMail Server 8.15 and prior

--
Attack Scenarios:
An attacker send a URI containing a directory traversal to view
sensitive files on a vulnerable server.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References
Other:

--