CVE-2006-5487

{"id": "CVE-2006-5487", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-10T22:07:00.000", "references": [{"url": "http://secunia.com/advisories/22806", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1857", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017209", "source": "cve@mitre.org"}, {"url": "http://www.marshal.com/kb/article.aspx?id=11450", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/451143/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20999", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4457", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30188", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22806", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1857", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1017209", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.marshal.com/kb/article.aspx?id=11450", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/451143/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20999", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4457", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30188", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via \"..\" sequences in filenames in an ARJ compressed archive."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el Marshal MailMarshal SMTP 5.x, 6.x, y 2006, y MailMarshal para Exchange 5.x, permite a atacantes remotos escribir ficheros de su elecci\u00f3n mediante secuencias \"..\" en los nombres de fichero de un archivo comprimido ARJ."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marshal:mailmarshal_smtp:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5F02CC-0C1D-462E-876C-0B86E019E12A"}, {"criteria": "cpe:2.3:a:marshal:mailmarshal_smtp:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6925EFB9-B288-4FA3-A742-F90BBE3D324A"}, {"criteria": "cpe:2.3:a:marshal:mailmarshal_smtp:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D44EC3A-884F-404C-874D-3D7BAE1778AA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}