Unrated severityNVD Advisory· Published Oct 16, 2006· Updated Apr 23, 2026
CVE-2006-5210
CVE-2006-5210
Description
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
Affected products
4cpe:2.3:a:ciphertrust:ironmail:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ciphertrust:ironmail:*:*:*:*:*:*:*:*range: <=6.1.1
- cpe:2.3:a:ciphertrust:ironmail:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ciphertrust:ironmail:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ciphertrust:ironmail:5.0.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.securityfocus.com/bid/20436nvdExploitPatch
- secunia.com/advisories/22406nvd
- securityreason.com/securityalert/1726nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/448779/100/0/threadednvd
- www.symantec.com/enterprise/research/SYMSA-2006-010.txtnvd
- www.vupen.com/english/advisories/2006/4055nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/29620nvd
- supportcenter.ciphertrust.com/vulnerability/IWM501-01.htmlnvd
News mentions
0No linked articles in our index yet.