Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/"). This vulnerability is addressed in the following product update:
CipherTrust, IronMail, 6.1.1 HotFix-17
Publication date: Tue, 17 Oct 2006 04:07:00 +0000