Unrated severityNVD Advisory· Published Sep 10, 2004· Updated Apr 16, 2026

CVE-2004-1670

Description

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.

Affected products

IceWarp/Web Mail3 versions
cpe:2.3:a:icewarp:web_mail:3.3.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:icewarp:web_mail:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:icewarp:web_mail:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:icewarp:web_mail:5.2.8:*:*:*:*:*:*:*
Merak/Mail Server
cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/11371nvdPatchVendor Advisory
secunia.com/advisories/12789nvdVendor Advisory
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/17314nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000