Arbitrary File Disclosure in IMP Email Client by Interwoven Solutions
CVE-2000-0911

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
19 December 2000

What is CVE-2000-0911?

The IMP email client versions 2.2 and earlier are susceptible to an arbitrary file disclosure vulnerability. By manipulating the 'attachment_name' hidden form variable, unauthorized attackers can read and delete files stored on the server. This exploitation allows attackers to retrieve sensitive information or disrupt normal functionality by deleting files that are critical to operations. It is crucial for users of IMP to apply security patches and follow best practices to mitigate this risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.